
US9083694B2 - Methods, systems, and products for authentication of users - Google Patents


Info

Publication number
US9083694B2
Authority
US
United States
Prior art keywords
subject matter
user
authentication
client device
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US14/266,889
Other versions
US20140237577A1 (en
Inventor
Kevin A. Li
Troy C. Meuninck
II Robert Raymond Miller
James H. Pratt
Horst J. Schroeter
Behzad Shahraray
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AT&T Intellectual Property I LP
Original Assignee
AT&T Intellectual Property I LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AT&T Intellectual Property I LP
Priority to US14/266,889 (US9083694B2)
Assigned to AT&T INTELLECTUAL PROPERTY I, L.P.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MEUNINCK, TROY C., LI, KEVIN A., MILLER, ROBERT RAYMOND, II, PRATT, JAMES H., SCHROETER, HORST J., SHAHRARAY, BEHZAD
Publication of US20140237577A1
Priority to US14/737,656 (US9584500B2)
Application granted
Publication of US9083694B2
Priority to US15/411,969 (US9881149B2)
Priority to US15/863,874 (US10810299B2)
Assigned to AT&T INTELLECTUAL PROPERTY I, L.P.: CORRECTIVE ASSIGNMENT TO CORRECT THE EXECUTION DATE OF THE FIFTH INVENTORS PREVIOUSLY RECORDED AT REEL: 032886 FRAME: 0093. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT. Assignors: MEUNINCK, TROY C., LI, KEVIN A., MILLER, ROBERT RAYMOND, II, PRATT, JAMES H., SCHROETER, HORST J., SHAHRARAY, BEHZAD
Priority to US17/023,689 (US11449595B2)
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • Authentication is common. People often input a username and password to access a device, website, or service. As we are all too aware, though, text-based authentication is vulnerable to hackers.
  • FIG. 1 is a simplified schematic illustrating an environment in which exemplary embodiments may be implemented.
  • FIG. 2 is a more detailed schematic illustrating an operating environment, according to exemplary embodiments.
  • FIGS. 3-6 are schematics illustrating a learning session, according to exemplary embodiments.
  • FIGS. 7-12 are schematics illustrating authentication based on models from skills, according to exemplary embodiments.
  • FIGS. 13-19 are more schematics illustrating authentication based on models from skills, according to exemplary embodiments.
  • FIG. 20 is a schematic illustrating a rejection of the random subject matter, according to exemplary embodiments.
  • FIGS. 21-23 are schematics illustrating a database of subject matter, according to exemplary embodiments.
  • FIGS. 24-25 are schematics illustrating local authentication, according to exemplary embodiments.
  • FIG. 26 is a schematic illustrating authentication using physical building blocks, according to exemplary embodiments.
  • FIG. 27 is a schematic illustrating gesture-based authentication, according to exemplary embodiments.
  • FIGS. 28-30 are flowcharts illustrating a method or algorithm for authenticating users, according to exemplary embodiments.
  • FIGS. 31-32 depict still more operating environments for additional aspects of the exemplary embodiments.
  • Although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first device could be termed a second device, and, similarly, a second device could be termed a first device without departing from the teachings of the disclosure.
  • FIG. 1 is a simplified schematic illustrating an environment in which exemplary embodiments may be implemented.
  • FIG. 1 illustrates authentication of a client device 20 to an authentication server 22.
  • The client device 20, for simplicity, is illustrated as a smart phone 24.
  • The client device 20 and the authentication server 22 may communicate over a communications network 26.
  • A user of the client device 20 wishes to access some service, application, or features for which authentication is needed. While the user may input a username and password, exemplary embodiments utilize a graphical, sketch-based authentication procedure. That is, the user of the client device 20 is prompted to draw or sketch a picture 28.
  • The picture 28 may be sent to the authentication server 22.
  • The authentication server 22 may then inspect the picture 28 drawn by the user of the client device 20.
  • The user is authenticated by the authentication server 22.
  • The user, in other words, is permitted to access the service, application, or features for which authentication is needed. If the picture 28 does not satisfy the authentication procedure 30, then the user may be denied access.
  • Authentication utilizes the sketching skills 32 of the user.
  • When the user of the client device 20 wishes to authenticate, the user is instructed to draw random subject matter 34.
  • The random subject matter 34 may be selected by the authentication server 22 and/or by the client device 20.
  • The user then draws a sketch 36 of the random subject matter 34.
  • The user, for example, uses their finger, fingernail, or a stylus to draw the sketch 36 on a touch screen 38 of the smart phone 24.
  • The client device 20 sends data 40 describing the sketch 36 to the authentication server 22.
  • The data 40 may then be compared to a freehand model 42.
  • The freehand model 42 is an electronic recreation of the random subject matter 34 generated from the sketching skills 32 associated with the user.
  • The freehand model 42, in other words, predicts what the random subject matter 34 should look like, using the user's known sketching skills 32.
  • The authentication server 22 learns the user's sketching skills 32 over time. So, the user's sketch 36 (as represented by the data 40) is compared to the freehand model 42 predicted by the user's known sketching skills 32. If the data 40 matches the freehand model 42 predicted from the user's known sketching skills 32, then the user may be authenticated. If the data 40 does not match the freehand model 42, then authentication may fail.
  • Exemplary embodiments thus eliminate cumbersome, conventional authentication schemes. Users no longer need to remember cumbersome passwords. Security concerns are greatly reduced, as the user need not fear nefarious use of stolen passwords. Occurrences of identity theft are thus reduced.
  • FIG. 2 is a more detailed schematic illustrating an operating environment, according to exemplary embodiments.
  • The user's client device 20 may have a processor 50 (e.g., “μP”), application specific integrated circuit (ASIC), or other component that executes a client-side authentication algorithm 52 stored in a local memory 54.
  • The authentication server 22 may also have a processor 60 (e.g., “μP”), application specific integrated circuit (ASIC), or other component that executes a server-side authentication algorithm 62 stored in a local memory 64.
  • The client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 include instructions, code, and/or programs that authenticate the user of the client device 20.
  • The user may be authenticated solely by either the client-side authentication algorithm 52 or the server-side authentication algorithm 62. However, the client-side authentication algorithm 52 and the server-side authentication algorithm 62 may cooperate in a client-server relationship to authenticate the user.
  • The communications network 26 may be a wireless network having cellular, WI-FI®, and/or BLUETOOTH® capability.
  • The communications network 26 may be a cable network operating in the radio-frequency domain and/or the Internet Protocol (IP) domain.
  • The communications network 26 may also include a distributed computing network, such as the Internet (sometimes alternatively known as the “World Wide Web”), an intranet, a local-area network (LAN), and/or a wide-area network (WAN).
  • The communications network 26 may include coaxial cables, copper wires, fiber optic lines, and/or hybrid-coaxial lines.
  • The communications network 26 may even include wireless portions utilizing any portion of the electromagnetic spectrum and any signaling standard (such as the IEEE 802 family of standards, GSM/CDMA/TDMA or any cellular standard, and/or the ISM band).
  • The communications network 26 may even include powerline portions, in which signals are communicated via electrical wiring.
  • The concepts described herein may be applied to any wireless/wireline communications network, regardless of physical componentry, physical configuration, or communications standard(s).
  • FIGS. 3-6 are schematics illustrating a learning session 70, according to exemplary embodiments.
  • Exemplary embodiments may need to learn the user's sketching skills 32.
  • If the authentication server 22 is going to predict the user's authentication sketches, the authentication server 22 must learn the user's sketching skills 32.
  • The user may be repetitively prompted to draw one, several, or many pictures of different scenes, places, and/or things.
  • The user may first be asked to draw a sunset.
  • The user submits the sketch 36 of their interpretation of the sunset.
  • The user may then be instructed to draw a bicycle, then a flowerpot, then a lamppost.
  • FIG. 3 thus illustrates the learning session 70.
  • The authentication server 22 accesses a database 72 of subject matter.
  • The database 72 of subject matter stores one or more listings of subject matter for authentication purposes.
  • The database 72 of subject matter is illustrated as being locally stored in the authentication server 22, but the database 72 of subject matter may be remotely stored and accessed from any network location.
  • FIG. 3 illustrates the database 72 of subject matter as a listing 74 of nouns.
  • The listing 74 of nouns may be any listing of persons, places, and/or things that the authenticating user may be required to draw.
  • The listing 74 of nouns, for example, may include “bowl,” “chair,” “fire hydrant,” “globe,” “tree,” and “truck.” While FIG.
  • The server-side authentication algorithm 62 instructs the processor (illustrated as reference numeral 60 in FIG. 2) to query the database 72 of subject matter to obtain the random subject matter 34.
  • The database 72 of subject matter randomly selects an entry 76 from the listing 74 of nouns.
  • The database 72 of subject matter then responds with the random subject matter 34.
  • FIG. 4 illustrates prompts for the random subject matter 34.
  • The server-side authentication algorithm 62 sends a capture instruction 80 to the user's client device 20.
  • The capture instruction 80 routes along the communications network 26 to a network address associated with the user's client device 20.
  • The client-side authentication algorithm 52 inspects the capture instruction 80 for the random subject matter 34.
  • The client-side authentication algorithm 52 then instructs the processor (illustrated as reference numeral 50 in FIG. 2) to generate a prompt 82 to draw the random subject matter 34.
  • The prompt 82, for example, is produced by the touch screen 38 on the user's smart phone 24.
  • The user then proceeds to draw the random subject matter 34 using a fingernail, stylus, or other instrument.
  • The client-side authentication algorithm 52 captures the user's sketch 36 of the random subject matter 34.
  • The user's sketch 36 of the random subject matter 34 is captured as touch screen data 84 by the user's smart phone 24.
  • FIG. 5 illustrates a database 90 of profiles.
  • The touch screen data 84 is sent to the authentication server 22.
  • The client-side authentication algorithm 52 instructs the user's client device 20 to send the touch screen data 84 to the network address associated with the authentication server 22.
  • The server-side authentication algorithm 62 may store the touch screen data 84 in a profile 92.
  • The profile 92 may store the touch screen data 84 in association with a user identifier 94 and/or a device identifier 96.
  • The user identifier 94 may be any information that uniquely identifies the user, such as a username.
  • The user identifier may also be a biometric fingerprint, a facial scan, a retina scan, or any other physical recognition.
  • The device identifier 96 may be any information that uniquely identifies the client device 20, such as a machine address, network address, or serial number.
  • The server-side authentication algorithm 62 may also associate the touch screen data 84 to the random subject matter 34.
  • The server-side authentication algorithm 62, in other words, may now maintain associations between the random subject matter 34, the user's corresponding sketch 36 (as represented by the touch screen data 84), the user identifier 94, and/or the device identifier 96.
  • FIG. 6 thus illustrates the cyclic learning session 70.
  • The server-side authentication algorithm 62 may repeatedly retrieve different random subject matter 34 from the database 72 of subject matter.
  • The capture instruction 80 is sent to the client device 20.
  • The user is prompted to draw each random subject matter 34.
  • Each of the user's sketches 36 is captured (such as by the touch screen data 84) and sent back to the authentication server 22.
  • The user's sketch 36 may then be associated with the random subject matter 34.
  • The server-side authentication algorithm 62 begins to acquire the user's sketching skills 32. As each sketch 36 is obtained, the server-side authentication algorithm 62 builds a repository of the different random subject matter 34 and the user's corresponding sketches 36 (as represented by the touch screen data 84). The server-side authentication algorithm 62 performs a graphical analysis 100 to compare the different random subject matter 34 and the user's responsive sketches 36. Over time the server-side authentication algorithm 62 acquires confidence in learning the user's sketching skills 32. The server-side authentication algorithm 62 thus gains enough information to predict how the user will sketch any subject matter. That is, whatever random subject matter 34 the user is instructed to draw, the true user's response can be predicted from the sketching skills 32. Indeed, over time with several or many iterations, the graphical analysis 100 yields a highly accurate estimation of the user's sketching skills 32.
  • The graphical analysis 100 may utilize any comparison. There are many schemes that compare the different random subject matter 34 and the user's responsive sketches 36. Exemplary embodiments, for example, may compare slopes and arcs of lines to ascertain the user's sketching skills 32. Right-handed people, for example, draw images with different slants and arcs from left-handed people. When arcs and circles are drawn, different artists have different starting and ending points. Linear velocities of lines and circles may also differ between users. Different users may have different measures of detail and/or complexity in their sketches 36. Different users utilize different depth and perspective in their respective sketches 36. The graphical analysis 100 may thus utilize any measurement and/or comparison to estimate the user's sketching skills 32.
  • FIGS. 7-12 are schematics illustrating cloud-based authentication, according to exemplary embodiments. Now that the user's sketching skills 32 are learned, the user's sketching skills 32 may be applied to authentication requests.
  • The client-side authentication algorithm 52 sends an authentication notification 110 to the authentication server 22.
  • The authentication notification 110 identifies the device identifier 96 that wishes to authenticate.
  • The device identifier 96 is any information that uniquely identifies the client device 20 wishing to authenticate.
  • The authentication notification 110 routes via the communications network (illustrated as reference numeral 26 in FIG. 1) to the network address associated with the authentication server 22.
  • The server-side authentication algorithm 62 is alerted to an authentication attempt from the client device 20.
  • The server-side authentication algorithm 62 inspects the authentication notification 110 for the device identifier 96.
  • The random subject matter 34 is then selected.
  • The server-side authentication algorithm 62 instructs the authentication server 22 to query the database 72 of subject matter for the random subject matter 34.
  • The database 72 of subject matter then responds with the random subject matter 34.
  • The server-side authentication algorithm 62 instructs the authentication server 22 to send an authentication instruction 112 to the client device 20.
  • The authentication instruction 112 includes information that identifies the random subject matter 34 selected by the database 72 of subject matter.
  • The authentication instruction 112 routes via the communications network 26 to the network address associated with the requesting client device 20.
  • FIG. 8 illustrates the prompt 82 for the random subject matter 34.
  • The client-side authentication algorithm 52 inspects the authentication instruction 112 for the random subject matter 34.
  • The client device 20 generates the prompt 82 to draw the random subject matter 34.
  • FIG. 8 again illustrates the prompt 82 produced by the touch screen 38 on the user's smart phone 24.
  • The prompt 82 visually presents a textual version 114 of the random subject matter 34 (such as “Please draw a hamburger to authenticate”).
  • FIG. 9 illustrates a capture of the user's sketch 36.
  • The user begins drawing her version of the random subject matter 34.
  • The user places her fingernail or stylus to the touch screen 38 and proceeds to draw her interpretation of the random subject matter 34.
  • The client-side authentication algorithm 52 captures the user's sketch 36 as the touch screen data 84.
  • The user may touch or click some icon (such as a “Done” graphical control 116).
  • The user may also make a different input, such as a “double tap” on the touch screen 38.
  • The user informs the client-side authentication algorithm 52 that the sketch 36 is complete.
  • The touch screen data 84 is then electronically captured and stored at least temporarily in the memory of the client device 20.
  • Exemplary embodiments may also guide the user.
  • The prompt 82 may also help the user draw her interpretation of the random subject matter 34.
  • Exemplary embodiments may partially display some of the random subject matter 34.
  • The prompt 82 would then instruct the user to complete the drawing.
  • If the random subject matter 34 is the “hamburger,” then exemplary embodiments may graphically illustrate a bun on the touch screen 38.
  • The prompt 82 may then instruct the user to complete the drawing, with or without revealing the random subject matter 34.
  • The user may then draw, or fill in, the details that accompany her interpretation of the random subject matter 34.
  • The client-side authentication algorithm 52 then captures the user's sketch 36 as the touch screen data 84.
  • FIG. 10 illustrates an authentication request 120.
  • Exemplary embodiments send the touch screen data 84 to the authentication server 22.
  • The client-side authentication algorithm 52 instructs the client device 20 to send the authentication request 120.
  • The authentication request 120 routes along the communications network (illustrated as reference numeral 26 in FIG. 1) to the network address associated with the authentication server 22.
  • The authentication request 120 may also include the touch screen data 84 and the device identifier 96 that wishes to authenticate.
  • The server-side authentication algorithm 62 may now authenticate the client device 20.
  • FIG. 11 illustrates the authentication.
  • The server-side authentication algorithm 62 needs to determine if the user's sketch 36, represented by the touch screen data 84, is truly the artistic work expected from the client device 20 (e.g., the device identifier 96). So, before authentication can be performed, the server-side authentication algorithm 62 may predict what to graphically expect from the client device 20.
  • Exemplary embodiments may thus retrieve the user's sketching skills 32. Because the device identifier 96 identifies the client device 20 that wishes to authenticate, the server-side authentication algorithm 62 queries the database 90 of profiles for the device identifier 96 that wishes to authenticate. Here, though, the database 90 of profiles retrieves and responds with the sketching skills 32 associated with the device identifier 96.
  • The freehand model 42 may now be built.
  • The sketching skills 32 describe the freehand sketching capabilities associated with the device identifier 96.
  • The server-side authentication algorithm 62 may thus use the sketching skills 32 to generate the freehand model 42.
  • The client-side authentication algorithm 52 may call or invoke a graphing program 130 that generates the freehand model 42 of the random subject matter 34, using the sketching skills 32 associated with the device identifier 96 wishing to authenticate. Exemplary embodiments, in other words, may generate an electronic representation of the same random subject matter 34, using the sketching skills 32 of the true person wishing to authenticate.
  • The server-side authentication algorithm 62 compares the touch screen data 84 to the freehand model 42 generated from the sketching skills 32 of the true person wishing to authenticate.
  • The server-side authentication algorithm 62 may use any graphical comparison 132 to determine a similarity 134 between the touch screen data 84 and the freehand model 42. If the user is truly who she purports to be, then her touch screen data 84 will sufficiently match the freehand model 42 generated from her own sketching skills 32. If her touch screen data 84 does not match the freehand model 42, then perhaps an imposter or rogue is attempting to authenticate.
  • The similarity 134 may thus be compared to a threshold 136.
  • The similarity 134 may be any measurement of how closely the touch screen data 84 matches the freehand model 42.
  • The graphical comparison 132 may measure the similarity 134 between shapes and/or style.
  • The graphical comparison 132 may additionally or alternatively measure a velocity of strokes, direction of strokes, and/or pressure or force of strokes. Starting locations, ending locations, and/or transition locations may be compared.
  • The threshold 136 may be any value, or values, that define or determine a minimum similarity 134 between the touch screen data 84 and the freehand model 42.
  • The threshold 136 may be an error function that generates a maximum error between the user's sketch 36 (using the touch screen data 84) and the freehand model 42 generated from the sketching skills 32. If the user is truly who she purports to be, then her touch screen data 84 will match, satisfy, or equal the freehand model 42 to within the threshold 136. If her touch screen data 84 does not match the freehand model 42, then the authentication may fail.
  • FIG. 12 illustrates an authentication response 138.
  • The server-side authentication algorithm 62 makes an authentication decision 140. If the similarity 134 satisfies the threshold 136, then the authentication decision 140 may be an affirmation or permission. If the similarity 134 fails to satisfy the threshold 136, then the authentication decision 140 may be a denial of access.
  • The authentication decision 140 is sent from the authentication server 22 as the authentication response 138.
  • The authentication response 138 communicates to the network address associated with the requesting client device 20.
  • The client-side authentication algorithm 52 also obtains the authentication decision 140. If the authentication decision 140 is the affirmation, then the client-side authentication algorithm 52 may access whatever permissions are available from the authentication server 22. If the client-side authentication algorithm 52 obtains the denial, though, then authentication failed.
  • FIGS. 13-19 are more schematics illustrating authentication, according to exemplary embodiments.
  • Authentication may be based on the user identifier 94 associated with the user.
  • Many computers, tablets, and other client devices are shared by multiple users (such as members of a household). Exemplary embodiments may thus also authenticate different users that share the same client device 20.
  • The current user of the client device 20 inputs their unique user identifier 94, such as a username.
  • The user identifier 94 may also be a biometric identifier, such as a scan of a fingerprint, face, or retina.
  • The learning session 70 is repeated for each different user. Because the client device 20 may be shared, each different user may thus have some login credential, such as the user identifier 94. The user logs on to the client device 20 and completes the learning session 70 to recursively learn the user's sketching skills 32. Whenever any sharing user wishes to authenticate, the graphical sketch-based authentication may proceed. Many details of this shared-device authentication are the same, so the similar details are only briefly reviewed.
  • FIG. 14 thus illustrates the authentication notification 110.
  • The client-side authentication algorithm 52 sends the authentication notification 110 to the authentication server 22.
  • The authentication notification 110 includes the user identifier 94 associated with the current user of the client device 20.
  • The server-side authentication algorithm 62 is alerted to an authentication attempt from the current user of the client device 20.
  • The server-side authentication algorithm 62 inspects the authentication notification 110 for the user identifier 94.
  • The random subject matter 34 is then selected.
  • The server-side authentication algorithm 62 queries the database 72 of subject matter for the random subject matter 34.
  • The database 72 of subject matter randomly selects one of its entries (illustrated as reference numeral 76 from the listing 74 of nouns in FIG. 13).
  • The database 72 of subject matter responds to the query with the random subject matter 34, and the authentication server 22 sends the authentication instruction 112 to the client device 20.
  • FIG. 15 illustrates the prompt 82 for the random subject matter 34.
  • The client-side authentication algorithm 52 inspects the authentication instruction 112 for the random subject matter 34.
  • The client-side authentication algorithm 52 causes the client device 20 to generate the prompt 82 to draw the random subject matter 34.
  • FIG. 15 again illustrates the prompt 82 produced by the touch screen 38 on the user's smart phone 24.
  • The prompt 82 visually presents the textual version 114 of the random subject matter 34 (e.g., “Please draw a hamburger to authenticate”).
  • The user's sketch 36 is captured. As FIG. 16 illustrates, the user draws her version of the random subject matter 34.
  • The client-side authentication algorithm 52 captures the user's sketch 36 as the touch screen data 84.
  • The touch screen data 84 is stored in the memory of the client device 20.
  • FIG. 17 illustrates the authentication request 120.
  • Exemplary embodiments send the touch screen data 84 to the authentication server 22.
  • The authentication request may include the touch screen data 84 and the user identifier 94 associated with the current user of the client device 20.
  • The server-side authentication algorithm 62 may now authenticate the current user of the client device 20.
  • FIG. 18 illustrates the authentication.
  • The server-side authentication algorithm 62 determines if the user's sketch 36, represented by the touch screen data 84, is truly the artistic work expected from the user identifier 94. So, the server-side authentication algorithm 62 queries the database 90 of profiles for the user identifier 94 that wishes to authenticate. The database 90 of profiles retrieves and responds with the sketching skills 32 associated with the user identifier 94.
  • The freehand model 42 is built.
  • The sketching skills 32 describe the freehand sketching capabilities associated with the user identifier 94.
  • The server-side authentication algorithm 62 may thus use the sketching skills 32 to generate the freehand model 42.
  • The server-side authentication algorithm 62 may call or invoke the graphing program 130 that generates the freehand model 42 of the random subject matter 34, using the sketching skills 32 associated with the user identifier 94 wishing to authenticate.
  • The server-side authentication algorithm 62 compares the touch screen data 84 to the freehand model 42 generated from the sketching skills 32 associated with the user identifier 94.
  • The server-side authentication algorithm 62 may perform the graphical comparison 132 to determine the similarity 134 between the touch screen data 84 and the freehand model 42. If the user is truly who she logged in as (e.g., the user identifier 94), then her touch screen data 84 will sufficiently match the freehand model 42 generated from her own sketching skills 32, perhaps within the threshold 136. If her touch screen data 84 does not match the freehand model 42, then perhaps an imposter or rogue is attempting to authenticate.
  • FIG. 19 illustrates the authentication response 138.
  • The server-side authentication algorithm 62 makes the authentication decision 140. If the similarity 134 satisfies the threshold 136, then the authentication decision 140 may be the affirmation, thus allowing the client device 20 to access services and features. If the similarity 134 fails to satisfy the threshold 136, then the authentication decision 140 may be the denial.
  • The authentication server 22 sends the authentication decision 140 as the authentication response 138.
  • The client-side authentication algorithm 52 also obtains the authentication decision 140. If the authentication decision 140 is the affirmation, then the client-side authentication algorithm 52 may access whatever permissions are available from the authentication server 22. If the client-side authentication algorithm 52 obtains the denial, though, then authentication failed.
  • FIG. 20 is a schematic illustrating a rejection 150 of the random subject matter 34 , according to exemplary embodiments.
  • exemplary embodiments may determine that the random subject matter 34 , selected from the database 72 of subject matter, is too complicated for the sketching skills 32 of the authenticating user.
  • the authentication server 22 receives the authentication notification 110 from the client device 20 , the authentication server 22 is alerted to an authentication attempt by the user of the client device 20 . The authentication server 22 then queries for the random subject matter 34 .
  • the authentication server 22 may compare the random subject matter 34 to the sketching skills 32 of the authenticating user.
  • the random subject matter 34 may have an associated level 152 of difficulty. That is, each entry 76 in the database 72 of subject matter may have the associated level 152 of difficulty. Each level 152 of difficulty represents any measurement or evaluation of how hard the corresponding random subject matter 34 is to draw. Exemplary embodiments, then, may assign numerical values to different levels 152 of difficulties. Complicated subject matter, for example, may have a high level 152 of difficulty on a spectrum 154 of difficulty. Easy subject matter, though, may have a low level 152 of difficulty on the spectrum 154 of difficulty.
  • Each user's sketching skills 32 may also have an associated level 156 of capability.
  • the level 156 of capability represents any measurement or evaluation of the corresponding user's ability to draw pictures.
  • the user's sketching skills 32 may be evaluated and assigned the level 156 of capability on a spectrum 158 of capability. Exemplary embodiments, then, may assign numerical values to different levels 156 of capability. If the user's sketching skills 32 are determined to be highly capable, then the user's level 156 of capability may be highly ranked on the spectrum 158 of capability. If the user's sketching skills 32 are determined to be unskilled or incapable, then the user's level 156 of capability may be lowly ranked on the spectrum 158 of capability. Exemplary embodiments may thus compare the random subject matter 34 to the sketching skills 32 of the authenticating user.
  • the level 152 of difficulty may be compared to the user's level 156 of capability. If the level 152 of difficulty exceeds the user's level 156 of capability, the server-side authentication algorithm 62 may have discretion to reject or decline the random subject matter 34 retrieved from the database 72 of subject matter.
  • the random subject matter 34 may be too complicated, or beyond the capabilities, of the authenticating user. If the random subject matter 34 is too complicated, authentication may be too inaccurate for reliable results.
  • the server-side authentication algorithm 62 may, instead, query the database 72 of subject matter for another, second random subject matter 34 . Indeed, the query may specify the user's level 156 of capability, thus instructing the database 72 of subject matter to only retrieve entries 76 having the level 152 of difficulty as less than or equal to the user's level 156 of capability.
  • Exemplary embodiments may also compute a difference 160 .
  • FIGS. 21-22 are schematics further illustrating the database 72 of subject matter, according to exemplary embodiments.
  • the database 72 of subject matter may store the listing 74 of nouns and a listing 170 of verbs.
  • the listing 74 of nouns may be any listing of persons, places, and/or things that the authenticating user may be required to draw.
  • the listing 170 of verbs may be any listing of action words and/or modifiers.
  • the listing 170 of verbs for example, may include “running,” “sleeping,” “driving,” and “planting.”
  • exemplary embodiments may select an entry 76 from both the listing 74 of nouns and the listing 170 of verbs.
  • the database 72 of subject matter randomly selects the entry 76 from the listing 74 of nouns and another random entry 172 from the listing 170 of verbs.
  • the database 72 of subject matter then pairs the two randomly selected entries 76 and 172 as the random subject matter 34 .
  • the database 72 of subject matter may retrieve “tractor” as the entry 76 from the listing 74 of nouns and “firing” as the other random entry 172 from the listing 170 of verbs.
  • the database 72 of subject matter then pairs “tractor” and “firing” as “tractor firing” to create the random subject matter 34 .
  • the authentication instruction 112 is then sent, and the authenticating user is then prompted to draw “tractor firing,” as this disclosure earlier explained.
  • pairings may seem senseless.
  • the exemplary pairing “tractor firing” may make little lexical sense. Indeed, some pairings (such as “ball sleeping” or “tree driving”) may be difficult to conceptualize and draw. Still, though, exemplary embodiments may prompt the user to draw whatever pairing is selected by the database 72 of subject matter.
  • exemplary embodiments may only pair noun and verb combinations that have recognized lexical usage and/or linguistic meaning. Some nouns, in other words, may only have a limited number of possible pairings with verbs that have linguistic meaning.
  • FIG. 22 thus illustrates predefined noun and verb pairings.
  • the database 72 of subject matter may store a listing 180 of noun-verb pairings. Each entry 76 in the listing 180 of noun-verb pairings is a pre-selected noun-verb combination that is lexically or linguistically recognized. While some noun-verb pairings may have greater usage or meaning, the noun-verb pairings are chosen for authentication purposes.
  • the database 72 of subject matter retrieves one of the noun-verb pairings as the random subject matter 34 . The authenticating user is then prompted to draw the noun-verb pairing, as this disclosure earlier explained.
  • FIG. 23 is a schematic further illustrating the database 72 of subject matter, according to exemplary embodiments.
  • the database 72 of subject matter may be remotely located and accessed from any location in the communications network 26 .
  • FIG. 23 illustrates the database 72 of subject matter being stored in memory of a remote server 190 .
  • the remote server 190 has a microprocessor, ASIC, or other hardware component that manages queries to, and responses from, the database 72 of subject matter.
  • the server-side authentication algorithm 62 causes the authentication server 22 to send a query 192 to the database 72 of subject matter.
  • the query 192 routes through the communications network 26 to the network address associated with the remote server 190 .
  • the database 72 of subject matter retrieves the random subject matter 34 and sends a response 194 .
  • FIGS. 24-25 are schematics illustrating local authentication, according to exemplary embodiments. Earlier paragraphs explained how the client device 20 may use the remote authentication server 22 for cloud-based authentication services.
  • exemplary embodiments include a local solution in which the client device 20 itself authenticates the user.
  • FIG. 24 illustrates the learning session 70 .
  • the client device 20 learns the user's sketching skills 32 .
  • the user is repetitively prompted to draw pictures of different scenes, places, and/or things.
  • This prompt-and-sketch routine is repeated as long as necessary until the sketching skills 32 of the user are learned.
  • FIG. 24 illustrates the database 72 of subject matter being locally stored in the client device 20 , but the database 72 of subject matter may be remotely stored and accessed (as FIG. 23 illustrated).
  • the client-side authentication algorithm 52 recursively prompts the user to draw the random subject matter 34 .
  • the client-side authentication algorithm 52 queries the database 72 of subject matter for the random subject matter 34 .
  • the client-side authentication algorithm 52 generates the prompt 82 to draw the random subject matter 34 , and the user creates the sketch 36 of the random subject matter 34 .
  • the client-side authentication algorithm 52 captures the data 40 that describes the user's sketch 36 (perhaps as the touch screen data 84 ).
  • the database 90 of profiles may also be locally stored. Once the user's sketch 36 of the random subject matter 34 is captured, the touch screen data 84 may be stored in the user's profile 92 . Because the client device 20 may be shared among multiple users, each different user may establish their own profile 92 . The profile 92 associates the touch screen data 84 with the user identifier 94 of the user. The client-side authentication algorithm 52 may also associate the touch screen data 84 to the random subject matter 34 .
  • This learning session 70 repeats.
  • the client-side authentication algorithm 52 may repeatedly retrieve different random subject matter 34 from the database 72 of subject matter. The user is prompted to draw each random subject matter 34 .
  • Each of the user's sketches 36 is captured (such as by the touch screen data 84 ) and stored in the user's profile 92 . The user's sketch 36 may then be associated with the random subject matter 34 .
  • This cyclic learning session 70 is repeated until the user's sketching skills 32 are determined.
  • FIG. 25 illustrates authentication. Now that the user's sketching skills 32 are learned, the user's sketching skills 32 may be applied to authentication requests.
  • the client-side authentication algorithm 52 queries the database 72 of subject matter for the random subject matter 34 .
  • the database 72 of subject matter selects the random subject matter 34.
  • the client-side authentication algorithm 52 instructs the processor 50 to generate the prompt 82 .
  • the prompt 82 is visually displayed on a display device 200 (such as the touch screen 38 of the smart phone 24 , illustrated in FIG. 1 ), and the prompt 82 instructs the user to draw the random subject matter 34 (such as “Please draw a ‘hamburger’ to authenticate,” as previously explained and illustrated).
  • the user draws the random subject matter 34 , and the data 40 (such as the touch screen data 84 ) is captured.
  • the client-side authentication algorithm 52 retrieves the sketching skills 32 associated with the user identifier 94 .
  • the client-side authentication algorithm 52 generates the freehand model 42 of the random subject matter 34 , using the sketching skills 32 associated with the user identifier 94 wishing to authenticate.
  • the client-side authentication algorithm 52 compares the data 40 to the freehand model 42 using the graphical comparison 132 .
  • the similarity 134 is determined and compared to the threshold 136 . If the similarity 134 satisfies the threshold 136 , then the client-side authentication algorithm 52 may authenticate the user. If the similarity 134 does not satisfy the threshold 136 , then the authentication may fail.
  • Exemplary embodiments may use two-dimensional and three-dimensional images.
  • exemplary embodiments may request a 2-D or 3-D rendering. If the user is prompted to draw a “house,” for example, the user may be required to draw a two-dimensional “house” or a three-dimensional, isometric “house.” Similarly, the freehand model 42 of the random subject matter 34 may also be generated in two-dimensions or three-dimensions.
  • FIG. 26 is a schematic illustrating authentication using physical building blocks, according to exemplary embodiments.
  • the client device 20 is illustrated as a surface computer 210 having an interactive display 212 .
  • One or more legs 214 may support the surface computer 210 , such that the interactive display 212 is generally flat or horizontal like a table.
  • the interactive display 212 may have any orientation.
  • a designer, architect, or other user may place physical building blocks 216 onto the interactive display 212 .
  • the user arranges the building blocks 216 into a physical model 218 of any structure.
  • the building blocks 216 may have a variety of shapes, thus allowing the user to build models of buildings, cars, component parts, or any other structure.
  • an internal camera 220 peers upward through the interactive display 212 and captures digital pictures of an arrangement of the building blocks 216 .
  • the surface computer 210 analyzes the digital pictures and maps a location and identity of each building block 216 .
  • the surface computer 210 may thus create a computer model of the physical model 218 built atop the interactive display 212 . Because surface computers are known to those of ordinary skill in the art, this disclosure need not provide a detailed explanation.
  • the physical building blocks 216 may be used for authentication.
  • the user may be prompted to arrange the building blocks 216 into the random subject matter 34 . That is, the surface computer 210 executes the client-side authentication algorithm 52 and generates the prompt 82 for the random subject matter 34 (as earlier paragraphs explained).
  • the client-side authentication algorithm 52 causes the internal camera 220 to capture a digital image of the user's physical model 218 of the random subject matter 34 .
  • the model 222 is generated using the user's construction skills 224 learned over time.
  • the user's construction skills 224 are learned from the learning session 70 as earlier explained, but here the user is repeatedly prompted to build two-dimensional and/or three-dimensional models of different random subject matter 34. If the authenticating user is truly who she purports to be, then exemplary embodiments may predict how she will arrange the building blocks 216 into the random subject matter 34. If the images and/or locations of the user's physical model 218 (built atop the interactive display 212) match the model 222 generated using the user's construction skills 224, then the user may be authenticated.
  • FIG. 27 is a schematic illustrating gesture-based authentication, according to exemplary embodiments.
  • the user may be prompted to perform some physical gesture 230 that matches the random subject matter 34 .
  • the random subject matter 34 may be “fly buzzing.”
  • the user would then be prompted (via the prompt 82 ) to perform the physical gesture 230 of a “fly buzzing.”
  • the client device 20 interfaces with an imaging system 232 (such as a digital camera) to capture video data 234 of the user performing her physical interpretation of a “fly buzzing.”
  • Exemplary embodiments may then compare the video data 234 to a gesture model 236 learned over time from gesture skills 238 .
  • the learning session 70 may cyclically prompt the user to perform various gestures, and the user's physical interpretations are analyzed to develop the gesture skills 238 .
  • the user's gesture skills 238 may be used to generate the gesture model 236 of the random subject matter 34 . If the authenticating user is truly who she purports to be, then exemplary embodiments may predict how she will physically interpret the random subject matter 34 . If the video data 234 matches the gesture model 236 , then the user may be authenticated.
  • FIGS. 28-30 are flowcharts illustrating a method or algorithm for authenticating users, according to exemplary embodiments.
  • a user is prompted to provide an input (Block 250 ).
  • the user's input is received (Block 252 ) and analyzed for the user's skills (Block 254 ).
  • This learning session 70 is repeated to learn the user's skills (Block 216 ).
  • the random subject matter 34 is retrieved (Block 260 ).
  • the random subject matter 34 is compared to the user's skills (Block 262 ).
  • the algorithm continues with FIG. 29 . If the random subject matter 34 is too complicated for the user's skills (Block 264 ), then the random subject matter 34 may be rejected (Block 266 ) and different subject matter is selected (see Block 260 of FIG. 28 ). The user is prompted to interpret the random subject matter 34 (Block 268 ). The user's input is received (Block 270 ). A model of the random subject matter 34 is generated using the skills (Block 272 ). The user's interpretation of the random subject matter 34 is compared to the model of the random subject matter 34 generated from the skills (Block 274 ).
  • the algorithm continues with FIG. 30 . If the user's interpretation matches the model (Block 276 ), then the user may be authenticated (Block 278 ). If the user's interpretation fails to match the model (Block 276 ), then authentication may be denied (Block 280 ).
  • FIG. 31 is a schematic illustrating still more exemplary embodiments.
  • FIG. 31 is a more detailed diagram illustrating a processor-controlled device 300 .
  • the client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 may operate in any processor-controlled device.
  • FIG. 31 illustrates the client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 stored in a memory subsystem of the processor-controlled device 300 .
  • One or more processors communicate with the memory subsystem and execute either or both applications. Because the processor-controlled device 300 is well-known to those of ordinary skill in the art, no further explanation is needed.
  • FIG. 32 depicts still more operating environments for additional aspects of the exemplary embodiments.
  • FIG. 32 illustrates that the exemplary embodiments may alternatively or additionally operate within other processor-controlled devices 300 .
  • FIG. 32 illustrates that the client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 may entirely or partially operate within a set-top box (“STB”) 302, a personal/digital video recorder (PVR/DVR) 304, a personal digital assistant (PDA) 306, a Global Positioning System (GPS) device 308, an interactive television 310, an Internet Protocol (IP) phone 312, a pager 314, a cellular/satellite phone 316, or any computer system, communications device, or any processor-controlled device utilizing a digital signal processor (DP/DSP) 318.
  • the processor-controlled device 300 may also include watches, radios, vehicle electronics, clocks, printers, gateways, mobile/implantable medical devices, and other apparatuses and systems. Because the architecture and operating principles of the various processor-controlled devices 300 are well known, the hardware and software componentry of the various processor-controlled devices 300 are not further shown and described.
  • Exemplary embodiments may be physically embodied on or in a computer-readable storage medium.
  • This computer-readable medium may include CD-ROM, DVD, tape, cassette, floppy disk, optical disk, memory card, memory drive, and large-capacity disks.
  • This computer-readable medium, or media, could be distributed to end-subscribers, licensees, and assignees.
  • a computer program product comprises processor-executable instructions for authenticating users, as the above paragraphs explained.
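
The subject-matter selection of FIGS. 20-22 described above (level 152 of difficulty against level 156 of capability, and noun-verb pairing), as an added example that is not code from the patent. The difficulty numbers, the curated pairings, summing noun and verb difficulty, reading the difference 160 as difficulty minus capability, and every function name are assumptions.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Challenge:
    text: str
    difficulty: int  # level 152 of difficulty; higher is harder to draw


# Constructed sample listings. The words come from the description; the
# difficulty values and the curated pairings are assumptions for illustration.
NOUNS = {"bowl": 1, "chair": 2, "tree": 2, "globe": 3,
         "truck": 4, "fire hydrant": 4, "tractor": 5}
VERBS = {"sleeping": 1, "running": 2, "driving": 3, "planting": 3}
CURATED = {("truck", "driving"), ("tractor", "driving"),
           ("tractor", "planting"), ("tree", "planting")}

# OS-backed CSPRNG, so the next prompt cannot be predicted from earlier ones.
RNG = secrets.SystemRandom()


def pool(curated_only=False):
    """Every noun-verb pairing the database could return.

    curated_only=False is the FIG. 21 behaviour (any noun with any verb);
    curated_only=True is the FIG. 22 listing of predefined pairings.
    """
    return [Challenge(f"{noun} {verb}", nd + vd)  # summed difficulty: assumption
            for noun, nd in NOUNS.items()
            for verb, vd in VERBS.items()
            if not curated_only or (noun, verb) in CURATED]


def candidates(capability, curated_only=False):
    """Filtered query: entries whose difficulty is <= the user's capability."""
    return [c for c in pool(curated_only) if c.difficulty <= capability]


def select_filtered(capability, curated_only=False, rng=RNG):
    """Pick uniformly among eligible entries; refuse rather than over-challenge."""
    eligible = candidates(capability, curated_only)
    if not eligible:
        raise LookupError("no subject matter within this user's capability")
    return rng.choice(eligible)


def select_with_rejection(capability, curated_only=False, max_draws=5, rng=RNG):
    """FIG. 20 flow: draw at random, reject what is too hard, query again.

    Returns (challenge, rejected), where rejected holds the positive
    difficulty-minus-capability value of each draw that was declined.
    """
    everything = pool(curated_only)
    rejected = []
    for _ in range(max_draws):
        drawn = rng.choice(everything)
        difference = drawn.difficulty - capability
        if difference <= 0:
            return drawn, rejected
        rejected.append(difference)
    # Bounded retries, then fall back to the capability-filtered query.
    return select_filtered(capability, curated_only, rng), rejected


if __name__ == "__main__":
    for capability in (2, 4, 8):
        challenge, rejected = select_with_rejection(capability)
        print(f"capability {capability}: pool of {len(candidates(capability))}, "
              f"prompt {challenge.text!r}, rejected differences {rejected}")
```

Filtering by capability shrinks the set of prompts a given user can receive (with this sample data, from 28 pairings to 9 at capability 4), so the eligible pool size is worth measuring when the prompt is meant to be unpredictable.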

Abstract

Methods, systems, and products authenticate users for access to devices, applications, and services. Skills of a user are learned over time, such that an electronic model of random subject matter may be generated. The user is prompted to interpret the random subject matter, such as with a drawing, physical arrangement, or performance. The user's interpretation is then compared to the electronic model of the random subject matter. If the user is truly who they purport to be, their interpretation will match the electronic model, thus authenticating the user. If interpretation fails to match the electronic model, authentication may be denied.

Description

CROSS-REFERENCE TO RELATED APPLICATION
This application is a continuation of U.S. application Ser. No. 13/647,435 filed Oct. 9, 2012 and since issued as U.S. Pat. No. 8,752,151, which is incorporated herein by reference in its entirety.
BACKGROUND
Authentication is common. People often input a username and password to access a device, website, or service. As we are all too aware, though, text-based authentication is vulnerable to hackers.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
The features, aspects, and advantages of the exemplary embodiments are understood when the following Detailed Description is read with reference to the accompanying drawings, wherein:
FIG. 1 is a simplified schematic illustrating an environment in which exemplary embodiments may be implemented;
FIG. 2 is a more detailed schematic illustrating an operating environment, according to exemplary embodiments;
FIGS. 3-6 are schematics illustrating a learning session, according to exemplary embodiments;
FIGS. 7-12 are schematics illustrating authentication based on models from skills, according to exemplary embodiments;
FIGS. 13-19 are more schematics illustrating authentication based on models from skills, according to exemplary embodiments;
FIG. 20 is a schematic illustrating a rejection of the random subject matter, according to exemplary embodiments;
FIGS. 21-23 are schematics illustrating a database of subject matter, according to exemplary embodiments;
FIGS. 24-25 are schematics illustrating local authentication, according to exemplary embodiments;
FIG. 26 is a schematic illustrating authentication using physical building blocks, according to exemplary embodiments;
FIG. 27 is a schematic illustrating gesture-based authentication, according to exemplary embodiments;
FIGS. 28-30 are flowcharts illustrating a method or algorithm for authenticating users, according to exemplary embodiments; and
FIGS. 31-32 depict still more operating environments for additional aspects of the exemplary embodiments.
DETAILED DESCRIPTION
The exemplary embodiments will now be described more fully hereinafter with reference to the accompanying drawings. The exemplary embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. These embodiments are provided so that this disclosure will be thorough and complete and will fully convey the exemplary embodiments to those of ordinary skill in the art. Moreover, all statements herein reciting embodiments, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future (i.e., any elements developed that perform the same function, regardless of structure).
Thus, for example, it will be appreciated by those of ordinary skill in the art that the diagrams, schematics, illustrations, and the like represent conceptual views or processes illustrating the exemplary embodiments. The functions of the various elements shown in the figures may be provided through the use of dedicated hardware as well as hardware capable of executing associated software. Those of ordinary skill in the art further understand that the exemplary hardware, software, processes, methods, and/or operating systems described herein are for illustrative purposes and, thus, are not intended to be limited to any particular named manufacturer.
As used herein, the singular forms “a,” “an,” and “the” are intended to include the plural forms as well, unless expressly stated otherwise. It will be further understood that the terms “includes,” “comprises,” “including,” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being “connected” or “coupled” to another element, it can be directly connected or coupled to the other element or intervening elements may be present. Furthermore, “connected” or “coupled” as used herein may include wirelessly connected or coupled. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items.
It will also be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first device could be termed a second device, and, similarly, a second device could be termed a first device without departing from the teachings of the disclosure.
FIG. 1 is a simplified schematic illustrating an environment in which exemplary embodiments may be implemented. FIG. 1 illustrates authentication of a client device 20 to an authentication server 22. The client device 20, for simplicity, is illustrated as a smart phone 24. The client device 20 and the authentication server 22 may communicate over a communications network 26. A user of the client device 20 wishes to access some service, application, or features for which authentication is needed. While the user may input a username and password, exemplary embodiments utilize a graphical, sketch-based authentication procedure. That is, the user of the client device 20 is prompted to draw or sketch a picture 28. The picture 28 may be sent to the authentication server 22. The authentication server 22 may then inspect the picture 28 drawn by the user of the client device 20. If the picture 28 drawn by the user satisfies an authentication procedure 30, then the user is authenticated by the authentication server 22. The user, in other words, is permitted to access the service, application, or features for which authentication is needed. If the picture 28 does not satisfy the authentication procedure 30, then the user may be denied access.
Here, authentication utilizes the sketching skills 32 of the user. When the user of the client device 20 wishes to authenticate, the user is instructed to draw random subject matter 34. The random subject matter 34 may be selected by the authentication server 22 and/or by the client device 20. Regardless, the user then draws a sketch 36 of the random subject matter 34. The user, for example, uses their finger, fingernail, or a stylus to draw the sketch 36 on a touch screen 38 of the smart phone 24. The client device 20 sends data 40 describing the sketch 36 to the authentication server 22.
The data 40 may then be compared to a freehand model 42. The freehand model 42 is an electronic recreation of the random subject matter 34 generated from the sketching skills 32 associated with the user. The freehand model 42, in other words, predicts what the random subject matter 34 should look like, using the user's known sketching skills 32. As the user interacts with the authentication server 22, the authentication server 22 learns the user's sketching skills 32 over time. So, the user's sketch 36 (as represented by the data 40) is compared to the freehand model 42 predicted by the user's known sketching skills 32. If the data 40 matches the freehand model 42 predicted from the user's known sketching skills 32, then the user may be authenticated. If data 40 does not match the freehand model 42, then authentication may fail.
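The comparison and decision step described above, as an added example that is not code from the patent. The patent does not specify how the comparison is computed, so the resampling, normalisation and mean-distance similarity are assumptions, as are the function names, the 0.9 threshold, and the constructed point lists standing in for the data 40 and the freehand model 42.

```python
import math


def validate(points):
    """Reject captures that cannot be compared: too short, malformed, NaN/inf."""
    if len(points) < 2:
        raise ValueError("need at least two points")
    for x, y in points:
        if not (math.isfinite(x) and math.isfinite(y)):
            raise ValueError("non-finite coordinate")


def resample(points, n=32):
    """Return n points spaced evenly along the stroke's path length."""
    cum = [0.0]
    for a, b in zip(points, points[1:]):
        cum.append(cum[-1] + math.dist(a, b))
    total = cum[-1]
    out, seg = [], 0
    for k in range(n):
        target = total * k / (n - 1)
        # Advance to the segment that contains the target arc length.
        while seg < len(points) - 2 and cum[seg + 1] < target:
            seg += 1
        span = cum[seg + 1] - cum[seg]
        t = 0.0 if span == 0 else min(1.0, (target - cum[seg]) / span)
        a, b = points[seg], points[seg + 1]
        out.append((a[0] + t * (b[0] - a[0]), a[1] + t * (b[1] - a[1])))
    return out


def normalize(points):
    """Centre on the centroid and scale by the larger bounding-box side,
    so where and how large the sketch was drawn does not affect the score."""
    xs = [x for x, _ in points]
    ys = [y for _, y in points]
    size = max(max(xs) - min(xs), max(ys) - min(ys))
    if size == 0:
        raise ValueError("degenerate sketch (a single dot)")
    cx, cy = sum(xs) / len(xs), sum(ys) / len(ys)
    return [((x - cx) / size, (y - cy) / size) for x, y in points]


def similarity(sketch, model, n=32):
    """1.0 for identical normalised strokes, falling toward 0.0 as they diverge."""
    validate(sketch)
    validate(model)
    a = normalize(resample(sketch, n))
    b = normalize(resample(model, n))
    mean_distance = sum(math.dist(p, q) for p, q in zip(a, b)) / n
    return max(0.0, 1.0 - mean_distance)


def authentication_decision(sketch, model, threshold=0.9):
    """Return ("affirmation" | "denial", score); anything malformed is a denial."""
    try:
        score = similarity(sketch, model)
    except (ValueError, TypeError, IndexError):
        return "denial", 0.0
    return ("affirmation" if score >= threshold else "denial"), score


if __name__ == "__main__":
    # Constructed data: a square outline stands in for the freehand model.
    model = [(0, 0), (10, 0), (10, 10), (0, 10), (0, 0)]
    samples = {
        "same shape, larger and elsewhere on screen":
            [(50 + 3 * x, 20 + 3 * y) for x, y in model],
        "different stroke": [(0, 0), (10, 10)],
        "empty capture": [],
    }
    for label, sketch in samples.items():
        print(label, authentication_decision(sketch, model))
```

The threshold trades false denials of the genuine user against false affirmations of someone else, so it should be tuned on sketches collected in the learning session rather than fixed at the value assumed here.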
Exemplary embodiments thus eliminate cumbersome, conventional authentication schemes. Users no longer need to remember cumbersome passwords. Security concerns are greatly reduced, as the user need not fear nefarious use of stolen passwords. Occurrences of identity theft are thus reduced.
FIG. 2 is a more detailed schematic illustrating an operating environment, according to exemplary embodiments. The user's client device 20 may have a processor 50 (e.g., “μP”), application specific integrated circuit (ASIC), or other component that executes a client-side authentication algorithm 52 stored in a local memory 54. The authentication server 22 may also have a processor 60 (e.g., “μP”), application specific integrated circuit (ASIC), or other component that executes a server-side authentication algorithm 62 stored in a local memory 64. The client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 include instructions, code, and/or programs that authenticate the user of the client device 20. The user may be authenticated solely by either the client-side authentication algorithm 52 or the server-side authentication algorithm 62. However, the client-side authentication algorithm 52 and the server-side authentication algorithm 62 may cooperate in a client-server relationship to authenticate the user.
Exemplary embodiments may be applied regardless of networking environment. As the above paragraphs mentioned, the communications network 26 may be a wireless network having cellular, WI-FI®, and/or BLUETOOTH® capability. The communications network 26, however, may be a cable network operating in the radio-frequency domain and/or the Internet Protocol (IP) domain. The communications network 26, however, may also include a distributed computing network, such as the Internet (sometimes alternatively known as the “World Wide Web”), an intranet, a local-area network (LAN), and/or a wide-area network (WAN). The communications network 26 may include coaxial cables, copper wires, fiber optic lines, and/or hybrid-coaxial lines. The communications network 26 may even include wireless portions utilizing any portion of the electromagnetic spectrum and any signaling standard (such as the IEEE 802 family of standards, GSM/CDMA/TDMA or any cellular standard, and/or the ISM band). The communications network 26 may even include powerline portions, in which signals are communicated via electrical wiring. The concepts described herein may be applied to any wireless/wireline communications network, regardless of physical componentry, physical configuration, or communications standard(s).
FIGS. 3-6 are schematics illustrating a learning session 70, according to exemplary embodiments. Before the user can be authenticated, exemplary embodiments may need to learn the user's sketching skills 32. If the authentication server 22 is going to predict the user's authentication sketches, the authentication server 22 must learn the user's sketching skills 32. During the learning session 70, the user may be repetitively prompted to draw one, several, or many pictures of different scenes, places, and/or things. The user, for example, may first be asked to draw a sunset. The user then submits the sketch 36 of their interpretation of the sunset. The user may then be instructed to draw a bicycle, then a flowerpot, then a lamppost. For each prompt the user sketches their interpretation of the requested task. This prompt-and-sketch routine is repeated as long as necessary until the sketching skills 32 of the user are learned.
FIG. 3 thus illustrates the learning session 70. The authentication server 22 accesses a database 72 of subject matter. The database 72 of subject matter stores one or more listings of subject matter for authentication purposes. The database 72 of subject matter is illustrated as being locally stored in the authentication server 22, but the database 72 of subject matter may be remotely stored and accessed from any network location. Regardless, FIG. 3 illustrates the database 72 of subject matter as a listing 74 of nouns. The listing 74 of nouns may be any listing of persons, places, and/or things that the authenticating user may be required to draw. The listing 74 of nouns, for example, may include “bowl,” “chair,” “fire hydrant,” “globe,” “tree,” and “truck.” While FIG. 3 only illustrates several entries in the listing 74 of nouns, in practice the listing 74 of nouns may have hundreds or thousands of entries. The server-side authentication algorithm 62 instructs the processor (illustrated as reference numeral 60 in FIG. 2) to query the database 72 of subject matter to obtain the random subject matter 34. The database 72 of subject matter randomly selects an entry 76 from the listing 74 of nouns. The database 72 of subject matter then responds with the random subject matter 34.
FIG. 4 illustrates prompts for the random subject matter 34. Once the authentication server 22 receives the random subject matter 34, the user is prompted to draw the random subject matter 34. The server-side authentication algorithm 62 sends a capture instruction 80 to the user's client device 20. The capture instruction 80 routes along the communications network 26 to a network address associated with the user's client device 20. When the capture instruction 80 is received, the client-side authentication algorithm 52 inspects the capture instruction 80 for the random subject matter 34. The client-side authentication algorithm 52 then instructs the processor (illustrated as reference numeral 50 in FIG. 2) to generate a prompt 82 to draw the random subject matter 34. The prompt 82, for example, is produced by the touch screen 38 on the user's smart phone 24. The user then proceeds to draw the random subject matter 34 using a fingernail, stylus, or other instrument. The client-side authentication algorithm 52 captures the user's sketch 36 of the random subject matter 34. In this example, the user's sketch 36 of the random subject matter 34 is captured as touch screen data 84 by the user's smart phone 24.
FIG. 5 illustrates a database 90 of profiles. Once the user's sketch 36 of the random subject matter 34 is captured, the touch screen data 84 is sent to the authentication server 22. The client-side authentication algorithm 52 instructs the user's client device 20 to send the touch screen data 84 to the network address associated with the authentication server 22. When the authentication server 22 receives the touch screen data 84, the server-side authentication algorithm 62 may store the touch screen data 84 in a profile 92. The profile 92 may store the touch screen data 84 in association with a user identifier 94 and/or a device identifier 96. The user identifier 94 may be any information that uniquely identifies the user, such as a username. The user identifier may also be a biometric fingerprint, a facial scan, a retina scan, or any other physical recognition. The device identifier 96 may be any information that uniquely identifies the client device 20, such as a machine address, network address, or serial number. The server-side authentication algorithm 62 may also associate the touch screen data 84 to the random subject matter 34. The server-side authentication algorithm 62, in other words, may now maintain associations between the random subject matter 34, the user's corresponding sketch 36 (as represented by the touch screen data 84), the user identifier 94, and/or the device identifier 96.
FIG. 6 thus illustrates the cyclic learning session 70. The server-side authentication algorithm 62 may repeatedly retrieve different random subject matter 34 from the database 72 of subject matter. The capture instruction 80 is sent to the client device 20. The user is prompted to draw each random subject matter 34. Each of the user's sketches 36 is captured (such as by the touch screen data 84) and sent back to the authentication server 22. The user's sketch 36 may then be associated with the random subject matter 34.
With several iterations the server-side authentication algorithm 62 begins to acquire the user's sketching skills 32. As each sketch 36 is obtained, the server-side authentication algorithm 62 builds a repository of the different random subject matter 34 and the user's corresponding sketches 36 (as represented by the touch screen data 84). The server-side authentication algorithm 62 performs a graphical analysis 100 to compare the different random subject matter 34 and the user's responsive sketches 36. Over time the server-side authentication algorithm 62 acquires confidence in learning the user's sketching skills 32. The server-side authentication algorithm 62 thus gains enough information to predict how the user will sketch any subject matter. That is, whatever random subject matter 34 that the user is instructed to draw, the true user's response can be predicted from the sketching skills 32. Indeed, over time with several or many iterations, the graphical analysis 100 yields a highly accurate estimation of the user's sketching skills 32.
The graphical analysis 100 may utilize any comparison. There are many schemes that compare the different random subject matter 34 and the user's responsive sketches 36. Exemplary embodiments, for example, may compare slopes and arcs of lines to ascertain the user's sketching skills 32. Right-handed people, for example, draw images with different slants and arcs from left-handed people. When arcs and circles are drawn, different artists have different starting and ending points. Linear velocities of lines and circles may also differ between users. Different users may have different measures of detail and/or complexity in their sketches 36. Different users utilize different depth and perspective in their respective sketches 36. The graphical analysis 100 may thus utilize any measurement and/or comparison to estimate the user's sketching skills 32.
FIGS. 7-12 are schematics illustrating cloud-based authentication, according to exemplary embodiments. Now that the user's sketching skills 32 are learned, the user's sketching skills 32 may be applied to authentication requests. As FIG. 7 illustrates, when the user of the client device 20 wishes to authenticate, the client-side authentication algorithm 52 sends an authentication notification 110 to the authentication server 22. Here the authentication notification 110 identifies the device identifier 96 that wishes to authenticate. The device identifier 96 is any information that uniquely identifies the client device 20 wishing to authenticate. The authentication notification 110 routes via the communications network (illustrated as reference numeral 26 in FIG. 1) to the network address associated with the authentication server 22. When the authentication server 22 receives the authentication notification 110, the server-side authentication algorithm 62 is alerted to an authentication attempt from the client device 20. The server-side authentication algorithm 62 inspects the authentication notification 110 for the device identifier 96.
The random subject matter 34 is then selected. The server-side authentication algorithm 62 instructs the authentication server 22 to query the database 72 of subject matter for the random subject matter 34. The database 72 of subject matter then responds with the random subject matter 34. The server-side authentication algorithm 62 instructs the authentication server 22 to send an authentication instruction 112 to the client device 20. The authentication instruction 112 includes information that identifies the random subject matter 34 selected by the database 72 of subject matter. The authentication instruction 112 routes via the communications network 26 to the network address associated with the requesting client device 20.
FIG. 8 illustrates the prompt 82 for the random subject matter 34. When the client device 20 receives the authentication instruction 112, the client-side authentication algorithm 52 inspects the authentication instruction 112 for the random subject matter 34. The client device 20 generates the prompt 82 to draw the random subject matter 34. FIG. 8 again illustrates the prompt 82 produced by the touch screen 38 on the user's smart phone 24. The prompt 82 visually presents a textual version 114 of the random subject matter 34 (such as “Please draw a hamburger to authenticate”).
FIG. 9 illustrates a capture of the user's sketch 36. Once the prompt 82 is presented, the user begins drawing her version of the random subject matter 34. The user places her fingernail or stylus to the touch screen 38 and proceeds to draw her interpretation of the random subject matter 34. The client-side authentication algorithm 52 captures the user's sketch 36 as the touch screen data 84. When the user's sketch 36 is complete, the user may touch or click some icon (such as a “Done” graphical control 116). The user may also make a different input, such as a “double tap” on the touch screen 38. Regardless, the user informs the client-side authentication algorithm 52 that the sketch 36 is complete. The touch screen data 84 is then electronically captured and stored at least temporarily in the memory of the client device 20.
Exemplary embodiments may also guide the user. When the client device 20 generates the prompt 82 to draw the random subject matter 34, the prompt 82 may also help the user draw her interpretation of the random subject matter 34. Instead of merely displaying the textual version 114 of the random subject matter 34 (such as “Please draw a hamburger to authenticate”), exemplary embodiments may partially display some of the random subject matter 34. The prompt 82 would then instruct the user to complete the drawing. For example, if the random subject matter 34 is the “hamburger,” then exemplary embodiments may graphically illustrate a bun on the touch screen 38. The prompt 82 may then instruct the user to complete the drawing, with or without revealing the random subject matter 34. The user may then draw, or fill in, the details that accompany her interpretation of the random subject matter 34. The client-side authentication algorithm 52 then captures the user's sketch 36 as the touch screen data 84.
FIG. 10 illustrates an authentication request 120. Once the user's sketch 36 of the random subject matter 34 is captured, exemplary embodiments send the touch screen data 84 to the authentication server 22. The client-side authentication algorithm 52 instructs the client device 20 to send the authentication request 120. The authentication request 120 routes along the communications network (illustrated as reference numeral 26 in FIG. 1) to the network address associated with the authentication server 22. Here, though, the authentication request 120 may also include the touch screen data 84 and the device identifier 96 that wishes to authenticate. When the authentication server 22 receives the authentication request 120, the server-side authentication algorithm 62 may now authenticate the client device 20.
FIG. 11 illustrates the authentication. The server-side authentication algorithm 62 needs to determine if the user's sketch 36, represented by the touch screen data 84, is truly the artistic work expected from the client device 20 (e.g., the device identifier 96). So, before authentication can be performed, the server-side authentication algorithm 62 may predict what to graphically expect from the client device 20.
Exemplary embodiments may thus retrieve the user's sketching skills 32. Because the device identifier 96 identifies the client device 20 that wishes to authenticate, the server-side authentication algorithm 62 queries the database 90 of profiles for the device identifier 96 that wishes to authenticate. Here, though, the database 90 of profiles retrieves and responds with the sketching skills 32 associated with the device identifier 96.
The freehand model 42 may now be built. As earlier paragraphs explained, the sketching skills 32 describe the freehand sketching capabilities associated with the device identifier 96. The server-side authentication algorithm 62 may thus use the sketching skills 32 to generate the freehand model 42. The client-side authentication algorithm 52 may call or invoke a graphing program 130 that generates the freehand model 42 of the random subject matter 34, using the sketching skills 32 associated with the device identifier 96 wishing to authenticate. Exemplary embodiments, in other words, may generate an electronic representation of the same random subject matter 34, using the sketching skills 32 of the true person wishing to authenticate.
The user's sketch 36 may now be compared. The server-side authentication algorithm 62 compares the touch screen data 84 to the freehand model 42 generated from the sketching skills 32 of the true person wishing to authenticate. The server-side authentication algorithm 62 may use any graphical comparison 132 to determine a similarity 134 between the touch screen data 84 and the freehand model 42. If the user is truly who she purports to be, then her touch screen data 84 will sufficiently match the freehand model 42 generated from her own sketching skills 32. If her touch screen data 84 does not match the freehand model 42, then perhaps an imposter or rogue is attempting to authenticate.
The similarity 134 may thus be compared to a threshold 136. The similarity 134 may be any measurement of how closely the touch screen data 84 matches the freehand model 42. The graphical comparison 132, for example, may measure the similarity 134 between shapes and/or style. The graphical comparison 132 may additionally or alternatively measure a velocity of strokes, direction of strokes, and/or pressure or force of strokes. Starting locations, ending locations, and/or transition locations may be compared. However the similarity 134 is measured, the similarity 134 may be compared to the threshold 136. The threshold 136 may be any value, or values, that define or determine a minimum similarity 134 between the touch screen data 84 and the freehand model 42. The threshold 136, for example, may be an error function that generates a maximum error between the user's sketch 36 (using the touch screen data 84) and the freehand model 42 generated from the sketching skills 32. If the user is truly who she purports to be, then her touch screen data 84 will match, satisfy, or equal the freehand model 42 to within the threshold 136. If her touch screen data 84 does not match the freehand model 42, then the authentication may fail.
FIG. 12 illustrates an authentication response 138. Once the graphical comparison 132 is complete, the server-side authentication algorithm 62 makes an authentication decision 140. If the similarity 134 satisfies the threshold 136, then the authentication decision 140 may be an affirmation or permission. If the similarity 134 fails to satisfy the threshold 136, then the authentication decision 140 may be a denial of access. The authentication decision 140 is sent from the authentication server 22 as the authentication response 138. The authentication response 138 communicates to the network address associated with the requesting client device 20. When the client device 20 receives the authentication response 138, the client-side authentication algorithm 52 also obtains the authentication decision 140. If the authentication decision 140 is the affirmation, then the client-side authentication algorithm 52 may access whatever permissions are available from the authentication server 22. If the client-side authentication algorithm 52 obtains the denial, though, then authentication failed.
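An added illustration of the flow in FIGS. 3-12 (not code from the patent): a minimal server that learns style features from learning-session sketches, issues a random subject matter, and compares a submitted sketch against the learned profile using a threshold. The (x, y, t) stroke format, the feature set, the similarity formula, the 0.5 threshold and the single-use handling of the pending prompt are assumptions of this example; the averaged profile stands in for the freehand model 42.

```python
import math
import secrets
from statistics import mean, pstdev

NOUNS = ["bowl", "chair", "fire hydrant", "globe", "tree", "truck"]  # listing 74

def stroke_features(strokes):
    """Reduce touch screen data to style features named in the text:
    stroke direction, stroke velocity and starting location.
    strokes: list of strokes, each a list of (x, y, t) samples (assumed format)."""
    xs = [p[0] for s in strokes for p in s]
    ys = [p[1] for s in strokes for p in s]
    width = (max(xs) - min(xs)) or 1.0
    height = (max(ys) - min(ys)) or 1.0
    cos_d, sin_d, vel, start_x, start_y = [], [], [], [], []
    for s in strokes:
        (x0, y0, t0), (x1, y1, t1) = s[0], s[-1]
        angle = math.atan2(y1 - y0, x1 - x0)
        cos_d.append(math.cos(angle))
        sin_d.append(math.sin(angle))
        path = sum(math.dist(a[:2], b[:2]) for a, b in zip(s, s[1:]))
        vel.append(path / max(t1 - t0, 1e-6))
        start_x.append((x0 - min(xs)) / width)
        start_y.append((y0 - min(ys)) / height)
    return [mean(cos_d), mean(sin_d), mean(vel), mean(start_x), mean(start_y)]

class AuthServer:
    def __init__(self, threshold=0.5, min_sketches=3):
        self.profiles = {}  # device identifier -> [(subject, features), ...]
        self.pending = {}   # device identifier -> subject awaiting a sketch
        self.threshold = threshold
        self.min_sketches = min_sketches

    def learn(self, device_id, subject, strokes):
        """Learning session: store one sketch's features in the profile."""
        self.profiles.setdefault(device_id, []).append(
            (subject, stroke_features(strokes)))

    def notify(self, device_id):
        """Authentication notification in, authentication instruction out."""
        subject = secrets.choice(NOUNS)  # CSPRNG, so the prompt is unpredictable
        self.pending[device_id] = subject
        return subject

    def similarity(self, device_id, strokes):
        """Map the mean normalised feature error to (0, 1]; 1 is identical."""
        rows = [features for _, features in self.profiles[device_id]]
        errors = []
        for i, value in enumerate(stroke_features(strokes)):
            column = [row[i] for row in rows]
            # Floor the spread so a tiny learning set does not reject the owner.
            spread = max(pstdev(column), 0.05 * abs(mean(column)), 0.05)
            errors.append(abs(value - mean(column)) / spread)
        return 1.0 / (1.0 + mean(errors))

    def authenticate(self, device_id, strokes):
        """Authentication request in, (decision, similarity) out."""
        # Assumption of this example: a prompt is consumed by one attempt, so a
        # request with no pending prompt is denied. This example's features do
        # not depend on the subject, so the prompt itself is not scored.
        subject = self.pending.pop(device_id, None)
        enough = len(self.profiles.get(device_id, [])) >= self.min_sketches
        if subject is None or not enough:
            return False, 0.0
        if not strokes or any(len(s) < 2 for s in strokes):
            return False, 0.0
        sim = self.similarity(device_id, strokes)
        return sim >= self.threshold, sim

def line(x0, y0, x1, y1, seconds, n=5):
    """Constructed stroke: n evenly spaced samples along a straight line."""
    return [(x0 + (x1 - x0) * i / (n - 1), y0 + (y1 - y0) * i / (n - 1),
             seconds * i / (n - 1)) for i in range(n)]

def demo():
    """Run a learning session and three attempts on constructed sketches."""
    server = AuthServer()
    for k in range(3):  # owner draws left to right, quickly
        sketch = [line(0, 0, 100 + 5 * k, 40, 0.5),
                  line(10, 50, 110, 90 + 5 * k, 0.5)]
        server.learn("device-96", secrets.choice(NOUNS), sketch)
    owner = [line(0, 0, 103, 41, 0.5), line(10, 50, 110, 93, 0.5)]
    # Same shapes drawn right to left and three times slower.
    impostor = [line(100, 40, 0, 0, 1.5), line(110, 90, 10, 50, 1.5)]
    server.notify("device-96")
    owner_result = server.authenticate("device-96", owner)
    server.notify("device-96")
    impostor_result = server.authenticate("device-96", impostor)
    replay_result = server.authenticate("device-96", owner)  # no pending prompt
    return owner_result, impostor_result, replay_result

if __name__ == "__main__":
    print(demo())
```

The impostor's strokes trace the same shapes as the owner's, yet the direction, velocity and start-point features separate the two, which is the property the graphical comparison 132 relies on.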
FIGS. 13-19 are more schematics illustrating authentication, according to exemplary embodiments. Here authentication may be based on the user identifier 94 associated with the user. Many computers, tablets, and other client devices are shared by multiple users (such as members of a household). Exemplary embodiments may thus also authenticate different users that share the same client device 20. The current user of the client device 20 inputs their unique user identifier 94, such as a username. The user identifier 94, though, may also be a biometric identifier, such as a scan of a fingerprint, face, or retina.
The learning session 70, though, is repeated for each different user. Because the client device 20 may be shared, each different user may thus have some login credential, such as the user identifier 94. The user logs on to the client device 20 and completes the learning session 70 to recursively learn the user's sketching skills 32. Whenever any sharing user wishes to authenticate, the graphical sketch-based authentication may proceed. Many details of this shared-device authentication are the same, so the similar details are only briefly reviewed.
FIG. 14 thus illustrates the authentication notification 110. When one of the sharing users wishes to authenticate, the client-side authentication algorithm 52 sends the authentication notification 110 to the authentication server 22. Here, though, the authentication notification 110 includes the user identifier 94 associated with the current user of the client device 20. When the authentication server 22 receives the authentication notification 110, the server-side authentication algorithm 62 is alerted to an authentication attempt from the current user of the client device 20. The server-side authentication algorithm 62 inspects the authentication notification 110 for the user identifier 94.
The random subject matter 34 is then selected. The server-side authentication algorithm 62 queries the database 72 of subject matter for the random subject matter 34. The database 72 of subject matter randomly selects one of its entries (illustrated as reference numeral 76 from the listing 74 of nouns in FIG. 13). The database 72 of subject matter responds to the query with the random subject matter 34, and the authentication server 22 sends the authentication instruction 112 to the client device 20.
FIG. 15 illustrates the prompt 82 for the random subject matter 34. When the client device 20 receives the authentication instruction 112, the client-side authentication algorithm 52 inspects the authentication instruction 112 for the random subject matter 34. The client-side authentication algorithm 52 causes the client device 20 to generate the prompt 82 to draw the random subject matter 34. FIG. 15 again illustrates the prompt 82 produced by the touch screen 38 on the user's smart phone 24. The prompt 82 visually presents the textual version 114 of the random subject matter 34 (e.g., “Please draw a hamburger to authenticate”).
The user's sketch 36 is captured. As FIG. 16 illustrates, the user draws her version of the random subject matter 34. The client-side authentication algorithm 52 captures the user's sketch 36 as the touch screen data 84. The touch screen data 84 is stored in the memory of the client device 20.
FIG. 17 illustrates the authentication request 120. Once the user's sketch 36 of the random subject matter 34 is captured, exemplary embodiments send the touch screen data 84 to the authentication server 22. The authentication request may include the touch screen data 84 and the user identifier 94 associated with the current user of the client device 20. When the authentication server 22 receives the authentication request 120, the server-side authentication algorithm 62 may now authenticate the current user of the client device 20.
FIG. 18 illustrates the authentication. The server-side authentication algorithm 62 determines if the user's sketch 36, represented by the touch screen data 84, is truly the artistic work expected from the user identifier 94. So, the server-side authentication algorithm 62 queries the database 90 of profiles for the user identifier 94 that wishes to authenticate. The database 90 of profiles retrieves and responds with the sketching skills 32 associated with the user identifier 94.
The freehand model 42 is built. As earlier paragraphs explained, the sketching skills 32 describe the freehand sketching capabilities associated with the user identifier 94. The server-side authentication algorithm 62 may thus use the sketching skills 32 to generate the freehand model 42. The server-side authentication algorithm 62 may call or invoke the graphing program 130 that generates the freehand model 42 of the random subject matter 34, using the sketching skills 32 associated with the user identifier 94 wishing to authenticate.
The user's sketch 36 may now be compared. The server-side authentication algorithm 62 compares the touch screen data 84 to the freehand model 42 generated from the sketching skills 32 associated with the user identifier 94. The server-side authentication algorithm 62 may perform the graphical comparison 132 to determine the similarity 134 between the touch screen data 84 and the freehand model 42. If the user is truly who she logged in as (e.g., the user identifier 94), then her touch screen data 84 will sufficiently match the freehand model 42 generated from her own sketching skills 32, perhaps within the threshold 136. If her touch screen data 84 does not match the freehand model 42, then perhaps an imposter or rogue is attempting to authenticate.
FIG. 19 illustrates the authentication response 138. Once the graphical comparison 132 is complete, the server-side authentication algorithm 62 makes the authentication decision 140. If the similarity 134 satisfies the threshold 136, then the authentication decision 140 may be the affirmation, thus allowing the client device 20 to access services and features. If the similarity 134 fails to satisfy the threshold 136, then the authentication decision 140 may be the denial. The authentication server 22 sends the authentication decision 140 as the authentication response 138. When the client device 20 receives the authentication response 138, the client-side authentication algorithm 52 also obtains the authentication decision 140. If the authentication decision 140 is the affirmation, then the client-side authentication algorithm 52 may access whatever permissions are available from the authentication server 22. If the client-side authentication algorithm 52 obtains the denial, though, then authentication failed.
FIG. 20 is a schematic illustrating a rejection 150 of the random subject matter 34, according to exemplary embodiments. Here exemplary embodiments may determine that the random subject matter 34, selected from the database 72 of subject matter, is too complicated for the sketching skills 32 of the authenticating user. As earlier paragraphs explained, when the authentication server 22 receives the authentication notification 110 from the client device 20, the authentication server 22 is alerted to an authentication attempt by the user of the client device 20. The authentication server 22 then queries for the random subject matter 34.
Here the authentication server 22 may compare the random subject matter 34 to the sketching skills 32 of the authenticating user. As FIG. 20 illustrates, the random subject matter 34 may have an associated level 152 of difficulty. That is, each entry 76 in the database 72 of subject matter may have the associated level 152 of difficulty. Each level 152 of difficulty represents any measurement or evaluation of how hard the corresponding random subject matter 34 is to draw. Exemplary embodiments, then, may assign numerical values to different levels 152 of difficulties. Complicated subject matter, for example, may have a high level 152 of difficulty on a spectrum 154 of difficulty. Easy subject matter, though, may have a low level 152 of difficulty on the spectrum 154 of difficulty.
Each user's sketching skills 32, likewise, may also have an associated level 156 of capability. The level 156 of capability represents any measurement or evaluation of the corresponding user's ability to draw pictures. The user's sketching skills 32 may be evaluated and assigned the level 156 of capability on a spectrum 158 of capability. Exemplary embodiments, then, may assign numerical values to different levels 156 of capability. If the user's sketching skills 32 are determined to be highly capable, then the user's level 156 of capability may be highly ranked on the spectrum 158 of capability. If the user's sketching skills 32 are determined to be unskilled or incapable, then the user's level 156 of capability may be lowly ranked on the spectrum 158 of capability. Exemplary embodiments may thus compare the random subject matter 34 to the sketching skills 32 of the authenticating user.
The level 152 of difficulty may be compared to the user's level 156 of capability. If the level 152 of difficulty exceeds the user's level 156 of capability, the server-side authentication algorithm 62 may have discretion to reject or decline the random subject matter 34 retrieved from the database 72 of subject matter. The random subject matter 34 may be too complicated, or beyond the capabilities, of the authenticating user. If the random subject matter 34 is too complicated, authentication may be too inaccurate for reliable results. The server-side authentication algorithm 62 may, instead, query the database 72 of subject matter for another, second random subject matter 34. Indeed, the query may specify the user's level 156 of capability, thus instructing the database 72 of subject matter to only retrieve entries 76 having the level 152 of difficulty as less than or equal to the user's level 156 of capability.
Exemplary embodiments may also compute a difference 160. When the random subject matter 34 is retrieved from the database 72 of subject matter, the server-side authentication algorithm 62 may compute the difference 160 between the user's level 156 of capability and the level 152 of difficulty assigned to the random subject matter 34. That is, the numerical difference 160 may be computed from
$$L_{\text{capability}} - L_{\text{Difficulty}} = L_{\text{Dif}},$$
where $L_{\text{capability}}$ denotes the user's level 156 of capability and $L_{\text{Difficulty}}$ is the level 152 of difficulty assigned to the random subject matter 34. If $L_{\text{Dif}}$ is zero (0) or positive, then the random subject matter 34 may be within the sketching skills 32 of the user. When, however, $L_{\text{Dif}}$ is negative, the random subject matter 34 may be too complicated for the sketching skills 32 of the user. Different random subject matter 34 may need to be chosen.
FIGS. 21-22 are schematics further illustrating the database 72 of subject matter, according to exemplary embodiments. Here the database 72 of subject matter may store the listing 74 of nouns and a listing 170 of verbs. As an earlier paragraph explained, the listing 74 of nouns may be any listing of persons, places, and/or things that the authenticating user may be required to draw. The listing 170 of verbs may be any listing of action words and/or modifiers. The listing 170 of verbs, for example, may include “running,” “sleeping,” “driving,” and “planting.” When the database 72 of subject matter is queried for the random subject matter 34, exemplary embodiments may select an entry 76 from both the listing 74 of nouns and the listing 170 of verbs. That is, the database 72 of subject matter randomly selects the entry 76 from the listing 74 of nouns and another random entry 172 from the listing 170 of verbs. The database 72 of subject matter then pairs the two randomly selected entries 76 and 172 as the random subject matter 34. As FIG. 21 illustrates, the database 72 of subject matter, for example, may retrieve “tractor” as the entry 76 from the listing 74 of nouns and “firing” as the another random entry 172 from the listing 170 of verbs. The database 72 of subject matter then pairs “tractor” and “firing” as “tractor firing” to create the random subject matter 34. The authentication instruction 112 is then sent, and the authenticating user is then prompted to draw “tractor firing,” as this disclosure earlier explained.
Some pairings, however, may seem senseless. The exemplary pairing “tractor firing” may make little lexical sense. Indeed, some pairings (such as “ball sleeping” or “tree driving”) may be difficult to conceptualize and draw. Still, though, exemplary embodiments may prompt the user to draw whatever pairing is selected by the database 72 of subject matter. Alternatively, exemplary embodiments may only pair noun and verb combinations that have recognized lexical usage and/or linguistic meaning. Some nouns, in other words, may only have a limited number of possible pairings with verbs that have linguistic meaning.
FIG. 22 thus illustrates predefined noun and verb pairings. Here the database 72 of subject matter may store a listing 180 of noun-verb pairings. Each entry 76 in the listing 180 of noun-verb pairings is a pre-selected noun-verb combination that is lexically or linguistically recognized. While some noun-verb pairings may have greater usage or meaning, the noun-verb pairings are chosen for authentication purposes. The database 72 of subject matter retrieves one of the noun-verb pairings as the random subject matter 34. The authenticating user is then prompted to draw the noun-verb pairing, as this disclosure earlier explained.
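An added example (not code from the patent) of selecting the random subject matter from predefined noun-verb pairings while applying the difficulty comparison of FIG. 20, covering both the reject-and-requery path and the filtered query. The pairings, the 1-5 difficulty scale, the function names and the `min_pool` check, which refuses to issue a prompt when the capability filter leaves too few entries for the selection to be meaningfully random, are assumptions of this example.

```python
import secrets

# Constructed listing 180 of noun-verb pairings, each with a level 152 of
# difficulty on an assumed 1 (easy) to 5 (hard) scale.
PAIRINGS = {
    "cat sleeping": 1,
    "truck driving": 2,
    "child running": 3,
    "tractor driving": 3,
    "farmer planting": 4,
    "horse running": 5,
}

def level_difference(capability, difficulty):
    """L_Dif = L_capability - L_Difficulty; negative means too hard."""
    return capability - difficulty

def filtered_query(capability, pairings=PAIRINGS):
    """Entries whose difficulty is at most the user's level 156 of capability."""
    return sorted(subject for subject, difficulty in pairings.items()
                  if level_difference(capability, difficulty) >= 0)

def select_subject(capability, pairings=PAIRINGS, draw=secrets.choice,
                   max_tries=20, min_pool=2):
    """Return (subject, rejected): draw at random, rejecting entries whose
    L_Dif is negative, and fall back to the filtered query after max_tries."""
    pool = filtered_query(capability, pairings)
    if len(pool) < min_pool:
        # Too few drawable entries: the prompt would be close to predictable.
        raise ValueError("capability filter leaves too few subjects")
    rejected = []
    everything = list(pairings)
    for _ in range(max_tries):
        subject = draw(everything)
        if level_difference(capability, pairings[subject]) >= 0:
            return subject, rejected
        rejected.append(subject)  # rejection 150, then query again
    return draw(pool), rejected

if __name__ == "__main__":
    subject, rejected = select_subject(capability=3)
    print("prompt:", subject, "| rejected first:", rejected)
```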
FIG. 23 is a schematic further illustrating the database 72 of subject matter, according to exemplary embodiments. Here the database 72 of subject matter may be remotely located and accessed from any location in the communications network 26. FIG. 23, for example, illustrates the database 72 of subject matter being stored in memory of a remote server 190. The remote server 190 has a microprocessor, ASIC, or other hardware component that manages queries to, and responses from, the database 72 of subject matter. When the authentication server 22 needs the random subject matter 34, the server-side authentication algorithm 62 causes the authentication server 22 to send a query 192 to the database 72 of subject matter. The query 192 routes through the communications network 26 to the network address associated with the remote server 190. The database 72 of subject matter retrieves the random subject matter 34 and sends a response 194.
FIGS. 24-25 are schematics illustrating local authentication, according to exemplary embodiments. Earlier paragraphs explained how the client device 20 may use the remote authentication server 22 for cloud-based authentication services. Here, exemplary embodiments include a local solution in which the client device 20 itself authenticates the user.
FIG. 24 illustrates the learning session 70. Here the client device 20 learns the user's sketching skills 32. Once again the user is repetitively prompted to draw pictures of different scenes, places, and/or things. This prompt-and-sketch routine is repeated as long as necessary until the sketching skills 32 of the user are learned. FIG. 24 illustrates the database 72 of subject matter being locally stored in the client device 20, but the database 72 of subject matter may be remotely stored and accessed (as FIG. 23 illustrated). The client-side authentication algorithm 52 recursively prompts the user to draw the random subject matter 34. The client-side authentication algorithm 52 queries the database 72 of subject matter for the random subject matter 34. The client-side authentication algorithm 52 generates the prompt 82 to draw the random subject matter 34, and the user creates the sketch 36 of the random subject matter 34. The client-side authentication algorithm 52 captures the data 40 that describes the user's sketch 36 (perhaps as the touch screen data 84).
The database 90 of profiles may also be locally stored. Once the user's sketch 36 of the random subject matter 34 is captured, the touch screen data 84 may be stored in the user's profile 92. Because the client device 20 may be shared among multiple users, each different user may establish their own profile 92. The profile 92 associates the touch screen data 84 with the user identifier 94 of the user. The client-side authentication algorithm 52 may also associate the touch screen data 84 to the random subject matter 34.
This learning session 70 repeats. The client-side authentication algorithm 52 may repeatedly retrieve different random subject matter 34 from the database 72 of subject matter. The user is prompted to draw each random subject matter 34. Each of the user's sketches 36 is captured (such as by the touch screen data 84) and stored in the user's profile 92. The user's sketch 36 may then be associated with the random subject matter 34. This cyclic learning session 70 is repeated until the user's sketching skills 32 are determined.
FIG. 25 illustrates authentication. Now that the user's sketching skills 32 are learned, the user's sketching skills 32 may be applied to authentication requests. When the current user of the client device 20 wishes to authenticate, the client-side authentication algorithm 52 queries the database 72 of subject matter for the random subject matter 34. The database 72 of subject matter selects the random subject matter 34, and the client-side authentication algorithm 52 instructs the processor 50 to generate the prompt 82. The prompt 82 is visually displayed on a display device 200 (such as the touch screen 38 of the smart phone 24, illustrated in FIG. 1), and the prompt 82 instructs the user to draw the random subject matter 34 (such as “Please draw a ‘hamburger’ to authenticate,” as previously explained and illustrated). The user draws the random subject matter 34, and the data 40 (such as the touch screen data 84) is captured. The client-side authentication algorithm 52 retrieves the sketching skills 32 associated with the user identifier 94. The client-side authentication algorithm 52 generates the freehand model 42 of the random subject matter 34, using the sketching skills 32 associated with the user identifier 94 wishing to authenticate. The client-side authentication algorithm 52 compares the data 40 to the freehand model 42 using the graphical comparison 132. The similarity 134 is determined and compared to the threshold 136. If the similarity 134 satisfies the threshold 136, then the client-side authentication algorithm 52 may authenticate the user. If the similarity 134 does not satisfy the threshold 136, then the authentication may fail.
Exemplary embodiments may use two-dimensional and three-dimensional images. When the user is prompted to draw the random subject matter 34, exemplary embodiments may request a 2-D or 3-D rendering. If the user is prompted to draw a “house,” for example, the user may be required to draw a two-dimensional “house” or a three-dimensional, isometric “house.” Similarly, the freehand model 42 of the random subject matter 34 may also be generated in two-dimensions or three-dimensions.
FIG. 26 is a schematic illustrating authentication using physical building blocks, according to exemplary embodiments. As computing advances, the inventors foresee increased use and popularity of surface computing. Here the client device 20 is illustrated as a surface computer 210 having an interactive display 212. One or more legs 214 may support the surface computer 210, such that the interactive display 212 is generally flat or horizontal like a table. The interactive display 212, however, may have any orientation. Regardless, a designer, architect, or other user may place physical building blocks 216 onto the interactive display 212. The user arranges the building blocks 216 into a physical model 218 of any structure. The building blocks 216 may have a variety of shapes, thus allowing the user to build models of buildings, cars, component parts, or any other structure. As the user places and/or stacks the building blocks 216, an internal camera 220 peers upward through the interactive display 212 and captures digital pictures of an arrangement of the building blocks 216. The surface computer 210 analyzes the digital pictures and maps a location and identity of each building block 216. The surface computer 210 may thus create a computer model of the physical model 218 built atop the interactive display 212. Because surface computers are known to those of ordinary skill in the art, this disclosure need not provide a detailed explanation.
The physical building blocks 216 may be used for authentication. When the user wishes to authenticate, the user may be prompted to arrange the building blocks 216 into the random subject matter 34. That is, the surface computer 210 executes the client-side authentication algorithm 52 and generates the prompt 82 for the random subject matter 34 (as earlier paragraphs explained). Here, though, instead of drawing the random subject matter 34, the user arranges the building blocks 216 into the physical model 218 of the random subject matter 34. The client-side authentication algorithm 52 causes the internal camera 220 to capture a digital image of the user's physical model 218 of the random subject matter 34.
A comparison is then made. Because the user arranges the building blocks 216, here the client-side authentication algorithm 52 generates a two-dimensional or three-dimensional model 222 of the random subject matter 34. The model 222 is generated using the user's construction skills 224 learned over time. The user's construction skills 224 are learned from the learning session 70 as earlier explained, but here the user is repeatedly prompted to build two-dimensional and/or three-dimensional models of different random subject matter 34. If the authenticating user is truly who she purports to be, then exemplary embodiments may predict how she will arrange the building blocks 216 into the random subject matter 34. If the images and/or locations of the user's physical model 218 (built atop the interactive display 212) match the model 222 generated using the user's construction skills 224, then the user may be authenticated.
FIG. 27 is a schematic illustrating gesture-based authentication, according to exemplary embodiments. When the user wishes to authenticate, here the user may be prompted to perform some physical gesture 230 that matches the random subject matter 34. The random subject matter 34, for example, may be “fly buzzing.” The user would then be prompted (via the prompt 82) to perform the physical gesture 230 of a “fly buzzing.” The client device 20 interfaces with an imaging system 232 (such as a digital camera) to capture video data 234 of the user performing her physical interpretation of a “fly buzzing.” Exemplary embodiments may then compare the video data 234 to a gesture model 236 learned over time from gesture skills 238. The learning session 70, for example, may cyclically prompt the user to perform various gestures, and the user's physical interpretations are analyzed to develop the gesture skills 238. Whenever the user wishes to authenticate, the user's gesture skills 238 may be used to generate the gesture model 236 of the random subject matter 34. If the authenticating user is truly who she purports to be, then exemplary embodiments may predict how she will physically interpret the random subject matter 34. If the video data 234 matches the gesture model 236, then the user may be authenticated.
FIGS. 28-30 are flowcharts illustrating a method or algorithm for authenticating users, according to exemplary embodiments. A user is prompted to provide an input (Block 250). The user's input is received (Block 252) and analyzed for the user's skills (Block 254). This learning session 70 is repeated to learn the user's skills (Block 216). When the user wishes to authenticate (Block 258), the random subject matter 34 is retrieved (Block 260). The random subject matter 34 is compared to the user's skills (Block 262).
The algorithm continues with FIG. 29. If the random subject matter 34 is too complicated for the user's skills (Block 264), then the random subject matter 34 may be rejected (Block 266) and different subject matter is selected (see Block 260 of FIG. 28). The user is prompted to interpret the random subject matter 34 (Block 268). The user's input is received (Block 270). A model of the random subject matter 34 is generated using the skills (Block 272). The user's interpretation of the random subject matter 34 is compared to the model of the random subject matter 34 generated from the skills (Block 274).
The algorithm continues with FIG. 30. If the user's interpretation matches the model (Block 276), then the user may be authenticated (Block 278). If the user's interpretation fails to match the model (Block 276), then authentication may be denied (Block 280).
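The flow of FIGS. 28-30 can be exercised end to end with a small sketch in Python. This is an added example, not code from the patent: the template polylines, the modelling of the "skills" as a least-squares 2x2 hand distortion, the similarity formula, the 0.8 threshold and all names (`TEMPLATES`, `SketchAuthenticator`, `draw`) are assumptions chosen for illustration. The outstanding challenge is consumed on verification, so a captured sketch cannot be replayed without a fresh prompt.

```python
import math
import secrets

# Constructed subject-matter database: subject -> template polyline (assumption).
TEMPLATES = {
    "flag": [(0, 0), (0, 3), (2, 2.5), (0, 2)],
    "house": [(0, 0), (0, 2), (1, 3), (2, 2), (2, 0), (0, 0)],
    "tree": [(1, 0), (1, 1), (0, 1), (1, 3), (2, 1), (1, 1)],
    "castle": [(0, 0), (0, 3), (1, 3), (1, 2), (2, 2), (2, 3),
               (3, 3), (3, 0), (2, 0), (2, 1), (1, 1), (1, 0)],
}


def transform(matrix, points):
    """Apply a 2x2 matrix (a, b, c, d) to every point of a polyline."""
    a, b, c, d = matrix
    return [(a * x + b * y, c * x + d * y) for x, y in points]


def draw(hand, subject, jitter=0.02):
    """Constructed sample input: template + the drawer's hand distortion + jitter."""
    out = []
    for i, (u, v) in enumerate(transform(hand, TEMPLATES[subject])):
        j = ((i % 3) - 1) * jitter
        out.append((u + j, v - j))
    return out


class SketchAuthenticator:
    def __init__(self, threshold=0.8):
        self.threshold = threshold
        self.profiles = {}  # user id -> [(subject, sketch)] from the learning session
        self.pending = {}   # user id -> subject of the outstanding challenge

    def learn(self, user, subject, sketch):
        """Learning session: store one prompt-and-sketch sample in the profile."""
        if len(sketch) != len(TEMPLATES[subject]):
            raise ValueError("sketch must be resampled to the template length")
        self.profiles.setdefault(user, []).append((subject, sketch))

    def skills(self, user):
        """Least-squares 2x2 matrix mapping template points to the user's points."""
        sxx = sxy = syy = sxu = syu = sxv = syv = 0.0
        for subject, sketch in self.profiles[user]:
            for (x, y), (u, v) in zip(TEMPLATES[subject], sketch):
                sxx += x * x; sxy += x * y; syy += y * y
                sxu += x * u; syu += y * u
                sxv += x * v; syv += y * v
        det = sxx * syy - sxy * sxy
        if abs(det) < 1e-9:
            raise ValueError("not enough learning samples")
        return ((sxu * syy - sxy * syu) / det, (sxx * syu - sxy * sxu) / det,
                (sxv * syy - sxy * syv) / det, (sxx * syv - sxy * sxv) / det)

    def challenge(self, user):
        """Blocks 260-266: pick random subject matter, reject if too complicated."""
        limit = max(len(TEMPLATES[s]) for s, _ in self.profiles[user])
        while True:
            subject = secrets.choice(list(TEMPLATES))  # CSPRNG selection
            if len(TEMPLATES[subject]) <= limit:
                break  # otherwise rejected; select different subject matter
        self.pending[user] = subject
        return subject

    def similarity(self, user, subject, sketch):
        """Blocks 272-274: generate the model from the skills and compare."""
        model = transform(self.skills(user), TEMPLATES[subject])
        if len(sketch) != len(model):
            return 0.0
        dist = sum(math.hypot(p[0] - q[0], p[1] - q[1])
                   for p, q in zip(model, sketch)) / len(model)
        return 1.0 / (1.0 + dist)

    def verify(self, user, sketch):
        """Blocks 276-280: authenticate only against the single-use challenge."""
        subject = self.pending.pop(user, None)
        if subject is None:
            return False
        return self.similarity(user, subject, sketch) >= self.threshold
```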
FIG. 31 is a schematic illustrating still more exemplary embodiments. FIG. 31 is a more detailed diagram illustrating a processor-controlled device 300. As earlier paragraphs explained, the client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 may operate in any processor-controlled device. FIG. 31, then, illustrates the client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 stored in a memory subsystem of the processor-controlled device 300. One or more processors communicate with the memory subsystem and execute either or both applications. Because the processor-controlled device 300 is well-known to those of ordinary skill in the art, no further explanation is needed.
FIG. 32 depicts still more operating environments for additional aspects of the exemplary embodiments. FIG. 32 illustrates that the exemplary embodiments may alternatively or additionally operate within other processor-controlled devices 300. FIG. 32, for example, illustrates that the client-side authentication algorithm 52 and/or the server-side authentication algorithm 62 may entirely or partially operate within a set-top box (“STB”) (302), a personal/digital video recorder (PVR/DVR) 304, personal digital assistant (PDA) 306, a Global Positioning System (GPS) device 308, an interactive television 310, an Internet Protocol (IP) phone 312, a pager 314, a cellular/satellite phone 316, or any computer system, communications device, or any processor-controlled device utilizing a digital signal processor (DP/DSP) 318. The processor-controlled device 300 may also include watches, radios, vehicle electronics, clocks, printers, gateways, mobile/implantable medical devices, and other apparatuses and systems. Because the architecture and operating principles of the various processor-controlled devices 300 are well known, the hardware and software componentry of the various processor-controlled devices 300 are not further shown and described.
Exemplary embodiments may be physically embodied on or in a computer-readable storage medium. This computer-readable medium, for example, may include CD-ROM, DVD, tape, cassette, floppy disk, optical disk, memory card, memory drive, and large-capacity disks. This computer-readable medium, or media, could be distributed to end-subscribers, licensees, and assignees. A computer program product comprises processor-executable instructions for authenticating users, as the above paragraphs explained.
While the exemplary embodiments have been described with respect to various features, aspects, and embodiments, those skilled and unskilled in the art will recognize the exemplary embodiments are not so limited. Other variations, modifications, and alternative embodiments may be made without departing from the spirit and scope of the exemplary embodiments.

Claims (20)

The invention claimed is:
1. A method, comprising:
retrieving, at a server, randomly selected subject matter;
sending, from the server, the randomly selected subject matter to a client device for authentication of a user;
receiving, at the server, data describing a sketch of the randomly selected subject matter drawn by the user; and
authenticating, by the server, the user based on the sketch of the randomly selected subject matter.
2. The method of claim 1, further comprising sending a query for the randomly selected subject matter.
3. The method of claim 1, further comprising retrieving sketching skills associated with the user of the client device.
4. The method of claim 3, further comprising generating a freehand model of the randomly selected subject matter using the sketching skills.
5. The method of claim 3, further comprising generating a prediction of the randomly selected subject matter using the sketching skills.
6. The method of claim 3, further comprising learning the sketching skills associated with the user of the client device.
7. The method of claim 3, further comprising repeating a prompt-and-sketch routine to learn the sketching skills associated with the user of the client device.
8. The method of claim 1, further comprising retrieving an entry from a listing of nouns as the randomly selected subject matter.
9. A system, comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to perform operations, the operations comprising:
randomly selecting subject matter from a database of subject matter;
sending the subject matter to a client device for authentication of a user;
receiving data describing a sketch of the subject matter drawn by the user; and
authenticating the user based on the sketch of the subject matter.
10. The system of claim 9, wherein the operations further comprise querying for the random subject matter.
11. The system of claim 9, wherein the operations further comprise retrieving sketching skills associated with the user of the client device.
12. The system of claim 11, wherein the operations further comprise generating a freehand model of the subject matter using the sketching skills.
13. The system of claim 11, wherein the operations further comprise generating a prediction of the subject matter using the sketching skills.
14. The system of claim 11, wherein the operations further comprise learning the sketching skills associated with the user of the client device.
15. The system of claim 9, wherein the operations further comprise randomly selecting the subject matter from a listing of nouns.
16. The system of claim 11, wherein the operations further comprise rejecting the subject matter as too complicated for the sketching skills of the user.
17. The system of claim 9, wherein the operations further comprise receiving touch screen data describing the sketch of the subject matter inputted on a touch screen of the client device.
18. A memory storing instructions that when executed cause a processor to perform operations, the operations comprising:
retrieving randomly selected subject matter from a database;
sending the randomly selected subject matter to a client device for authentication of a user;
receiving data describing a sketch of the randomly selected subject matter drawn by the user; and
authenticating the user based on the sketch of the randomly selected subject matter.
19. The memory of claim 18, wherein the operations further comprise generating a prediction of the randomly selected subject matter.
20. The memory of claim 19, wherein the operations further comprise comparing the sketch to the prediction.

Priority Applications (5)

Application Number Priority Date Filing Date Title
US14/266,889 US9083694B2 (en) 2012-10-09 2014-05-01 Methods, systems, and products for authentication of users
US14/737,656 US9584500B2 (en) 2012-10-09 2015-06-12 Methods, systems, and products for authentication of users
US15/411,969 US9881149B2 (en) 2012-10-09 2017-01-21 Methods, systems, and products for authentication of users
US15/863,874 US10810299B2 (en) 2012-10-09 2018-01-06 Methods, systems, and products for authentication of users
US17/023,689 US11449595B2 (en) 2012-10-09 2020-09-17 Methods, systems, and products for authentication of users

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/647,435 US8752151B2 (en) 2012-10-09 2012-10-09 Methods, systems, and products for authentication of users
US14/266,889 US9083694B2 (en) 2012-10-09 2014-05-01 Methods, systems, and products for authentication of users

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/647,435 Continuation US8752151B2 (en) 2012-10-09 2012-10-09 Methods, systems, and products for authentication of users

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/737,656 Continuation US9584500B2 (en) 2012-10-09 2015-06-12 Methods, systems, and products for authentication of users

Publications (2)

Publication Number Publication Date
US20140237577A1 US20140237577A1 (en) 2014-08-21
US9083694B2 true US9083694B2 (en) 2015-07-14

Family

ID=50433844

Family Applications (6)

Application Number Title Priority Date Filing Date
US13/647,435 Active US8752151B2 (en) 2012-10-09 2012-10-09 Methods, systems, and products for authentication of users
US14/266,889 Active US9083694B2 (en) 2012-10-09 2014-05-01 Methods, systems, and products for authentication of users
US14/737,656 Active 2032-12-07 US9584500B2 (en) 2012-10-09 2015-06-12 Methods, systems, and products for authentication of users
US15/411,969 Active US9881149B2 (en) 2012-10-09 2017-01-21 Methods, systems, and products for authentication of users
US15/863,874 Active US10810299B2 (en) 2012-10-09 2018-01-06 Methods, systems, and products for authentication of users
US17/023,689 Active 2033-01-06 US11449595B2 (en) 2012-10-09 2020-09-17 Methods, systems, and products for authentication of users

Country Status (1)

Country Link
US (6) US8752151B2 (en)

Also Published As

Publication number Publication date
US9881149B2 (en) 2018-01-30
US20140101740A1 (en) 2014-04-10
US20210004450A1 (en) 2021-01-07
US20170132403A1 (en) 2017-05-11
US8752151B2 (en) 2014-06-10
US20180144116A1 (en) 2018-05-24
US20140237577A1 (en) 2014-08-21
US20150281209A1 (en) 2015-10-01
US10810299B2 (en) 2020-10-20
US9584500B2 (en) 2017-02-28
US11449595B2 (en) 2022-09-20

Legal Events

Date Code Title Description
AS Assignment

Owner name: AT&T INTELLECTUAL PROPERTY I, L.P., GEORGIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PRATT, JAMES H.;SCHROETER, HORST J.;SHAHRARAY, BEHZAD;AND OTHERS;SIGNING DATES FROM 20121002 TO 20121006;REEL/FRAME:032886/0093

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: AT&T INTELLECTUAL PROPERTY I, L.P., GEORGIA

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE EXECUTION DATE OF THE FIFTH INVENTORS PREVIOUSLY RECORDED AT REEL: 032886 FRAME: 0093. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNORS:PRATT, JAMES H.;SCHROETER, HORST J.;SHAHRARAY, BEHZAD;AND OTHERS;SIGNING DATES FROM 20121002 TO 20121008;REEL/FRAME:046285/0843

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8